Colext/Macondo
Cantina virtual de los COLombianos en el EXTerior
--------------------------------------------------
No se que tan peligroso sea el nuevo bicho, pero "by if the flies" ahi les
va el dato! Como no confirme la informacion, de pronto me gano un gol!
Chao mijiticas,
Nestor Raul
---------- Forwarded message ----------
Date: Tue, 27 Nov 2001 13:35:00 -0600
From: USMMAIL <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: New Virus Reported - BADTRANS.B
===========================================================================
W32.Badtrans.B@mm
Discovered on: November 24, 2001
Last Updated on: November 26, 2001 at 12:46:58 PM PST
W32.Badtrans.B@mm is a MAPI worm that emails itself out as one of several
different file names. This worm also creates a file in the \Windows\System
directory which uses functions from this file to log keystrokes, thereby
collecting password information.
Damage:
* Payload:
* Large scale e-mailing: Uses MAPI commands to send email.
* Compromises security settings: Installs keystroke logging
Trojan horse.
Technical description:
This worm arrives as an email with one of several attachment names and a
combination of two appended extensions.
The list of possible file names is:
HUMOR
DOCS
S3MSONG
ME_NUDE
CARD
SEARCHURL
YOU_ARE_FAT!
NEWS_DOC
IMAGES
PICS
The first extension that is appended to the file name is one of the following:
.DOC
.MP3
.ZIP
The second extension that is appended to the file name is one of the following:
.pif
.scr
The resulting file name would look something like this:
CARD.DOC.PIF
NEWS_DOC.MP3.SCR
For more information on this virus, visit USM's Antivirus Home Page at:
http://antivirus.usm.edu
===========================================================================
--------------------------------------------------------------
To unsubscribe send an email to: [EMAIL PROTECTED]
with UNSUBSCRIBE COLEXT as the BODY of the message.
Un archivo de colext puede encontrarse en:
http://www.mail-archive.com/[email protected]/
cortesia de Anibal Monsalve Salazar
