Message: 1 Date: Fri, 15 Oct 1999 15:17:18 -0400 From: [EMAIL PROTECTED] Subject: Badass virus infects Outlook Badass virus infects Outlook By David A. Harvey, Help Channel October 15, 1999 11:31 AM PT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If this was forwarded to you - get your own free subscription here: http://theMezz.com/alerts ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ One of two new e-mail-based worm viruses, Badass, has begun spreading across the Internet. The virus, which originated in Holland, does not damage files, but does create large volumes of e-mail traffic and could cause network slowdowns. Fortunately, Badass' bark is far worse than its bite, and the cure is relatively simple. Virus experts have deduced that this worm which likely originated in a bank in the Netherlands is a rather inelegant kluge of the codes of the Melissa and Win.Stupid virii. A worm is so named because it roots into your system and then makes copies of itself, in effect, perpetuating its existence. Internet worms are particularly pernicious, because they use a host computer to make copies, and then take advantage of the host computers Internet connection to send copies of themselves to other computers. URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2374365,00.html _______________________________________________________________________________ _______________________________________________________________________________ Message: 2 Date: Fri, 15 Oct 1999 15:18:43 -0400 From: [EMAIL PROTECTED] Subject: Badass Virus UPDAT Badass Virus Infects Outlook By David A. Harvey, Help Channel October 14, 1999 3:14 PM PT One of two new e-mail-based worm viruses, Badass, has begun spreading across the Internet. The virus, which originated in Holland, does not damage files, but does create large volumes of e-mail traffic and could cause network slowdowns. Fortunately, Badass' bark is far worse than its bite, and the cure is relatively simple. Virus experts have deduced that this worm which likely originated in a bank in the Netherlands is a rather inelegant kluge of the codes of the Melissa and Win.Stupid virii. A worm is so named because it roots into your system and then makes copies of itself, in effect, perpetuating its existence. Internet worms are particularly pernicious, because they use a host computer to make copies, and then take advantage of the host computers Internet connection to send copies of themselves to other computers. Like all e-mail-based viruses, Badass exists as an attachment to an e-mail message and will not execute unless you open the attached file. That's good. Prudent computing dictates that you should never open an unknown file, or a file from an unknown user. It's important to bear in mind that e-mail viruses cannot execute unless you open the attached file. In the case of Badass, the particular e-mail message, 24,576 bytes in size, comes with two possible subject lines, both: =?Windows-1252?B?TW9n+2guLg==?=, and a variation which starts with the characters "Moguh�" have been reported. The body of the message reads, in Dutch, ""Dit is wel grappig! :-),"which translates into, "This is funny! :-)." It's the attachment, however, BADASS.EXE that does the damage. When you open this file, either by double-clicking on the icon in the mail message, or by right-clicking on the attachment icon in your e-mail program and selecting open, the program launches. The first thing you'll see is a dialog box with a particularly juvenile and vulgar message, "An error has occurred because your ___ smells bad." The code of the virus is programmed so that you cannot click the No button-a rip-off of Win.Stupid code. When you click yes, you're informed, "Contact your local supermarket for toilet paper and soap to solve this problem." >From here on out, it's pretty much all Melissa. The virus spreads out over your hard drive looking for Microsoft Outlook. If you don't have Microsoft Outlook, nothing will happen; if Outlook is installed, however, Badass will recreate its message, and attach a copy of BADASS.EXE to that message, and then send that message to everyone in your address book. Badass also adds a registry key: HKCurrent UserSoftWareVB and VBA Program SettingsWindowsCurrentVersion with the value "CMCTL32"="00 00 00 01" One caveat - it is not known if Badass is capable of working it's pernicious sleight-of-hand without the aforementioned subject line, message contents, and file name. In other words, it is possible that someone could rename the virus and change the message and subject and continue the worm's spread.Prevention and cure are quite simple. Don't open unknown files, or files from unknown persons. Use virus-scanning software that is capable of checking e-mail attachments, such as, McAfee's VirusScan, or Symantec's Norton AntiVirus-Norton has released an update to deal with Badass. If you get the Badass email, don't just delete the message. Make sure that you use Windows' Explorer to go to the directory where your e-mail program stores attachments and delete the file BADASS.EXE. If you're not sure what directory your e-mail program uses, press F2 in the Windows Explorer, and type BADASS.EXE in the file name box. Be sure to search all your hard drives. If you don't find the files, your e-mail program deleted the attachment when you deleted the message. After doing all this, be certain to empty the deleted items folder in both your e-mail program and on the Windows Desktop. -- You Don't Know You Need It Until You Read It: http://theMezz.com/alerts _______________________________________________________________________________ _______________________________________________________________________________ Message: 3 Date: Fri, 15 Oct 1999 15:20:36 -0400 From: [EMAIL PROTECTED] Subject: details, prevention and cure of BADASS details, prevention and cure of BADASS: http://www.zdnet.com/zdhelp/stories/main/0,5594,2353908-3,00.html ------- AFLHI 058009990407128029/089802 milis ini didukung oleh : >> http://www.indolinux.com - dunia linux indonesia ------------------------------------------------------------------- untuk berhenti kirim email ke [EMAIL PROTECTED] untuk melihat peraturan kirim email ke [EMAIL PROTECTED] arsip berada di http://www.mail-archive.com/[email protected]
