At 10:31 AM 12/10/01 -0800, Forum Administrator wrote:
>At 09:43 AM 12/10/2001, you wrote:
>>I think there is an e-mail with an attached virus residing in the latest 
>>batch of messages. My server can't get past 23 messages; when it finally 
>>did, one of the e-mail messages had a virus ([EMAIL PROTECTED]).
>
>Attachments are stripped from all forum mail to prevent distribution of 
>viruses.

I looked up the virus in question:

This memory-resident Internet worm is a variant of WORM_BADTRANS.A. It 
propagates via MAPI32, has a Key Logger component, and arrives with 
randomly selected double-extension filenames.
It does not require the email receiver to open the attachment for it to 
execute. It uses a known vulnerability in Internet Explorer-based email 
clients (Microsoft Outlook and Microsoft Outlook Express) to automatically 
execute the file attachment. This is also known as Automatic Execution of 
Embedded MIME type.

While there are certain viruses that depend on malformed signatures, this 
is not one of them. It could not be transmitted without the attachment; 
therefore the Forum is not the source of the infected mail on the server.

The original message implied that the writer had actually found the message 
with the virus. If so, it may be that the source address has been spoofed 
to be that of the Forum.

Outlook users should be careful to have the latest patch.

[EMAIL PROTECTED]
Abdulrahman Lomax
Easthampton, Massachusetts USA

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* To post a message: mailto:[EMAIL PROTECTED]
*
* To leave this list visit:
* http://www.techservinc.com/protelusers/leave.html
*
* Contact the list manager:
* mailto:[EMAIL PROTECTED]
*
* Forum Guidelines Rules:
* http://www.techservinc.com/protelusers/forumrules.html
*
* Browse or Search previous postings:
* http://www.mail-archive.com/proteledaforum@techservinc.com
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
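
An added example, not part of the original post or of the forum's software: a mail-side check for the two points made above, whether a message carries any attachment at all, and whether an attachment has a double-extension filename with a runnable final extension declared under an unrelated MIME type. The extension and content-type sets, the function name and both sample messages are assumptions constructed for illustration.

```python
import email
from email import policy

# Assumed set of directly runnable Windows extensions; adjust to local policy.
RUNNABLE = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "lnk"}
# Assumed content types that describe an executable attachment honestly.
HONEST_TYPES = {"application/octet-stream", "application/x-msdownload"}

def inspect_message(raw):
    """Return (has_attachment, findings) for one raw message given as bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    has_attachment, findings = False, []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        has_attachment = True
        pieces = name.lower().rstrip(". ").split(".")
        if len(pieces) < 2 or pieces[-1] not in RUNNABLE:
            continue
        reasons = []
        if len(pieces) >= 3:
            reasons.append("double extension")
        if part.get_content_type() not in HONEST_TYPES:
            reasons.append("declared as " + part.get_content_type())
        findings.append((name, reasons))
    return has_attachment, findings

# Constructed sample: runnable final extension behind a document-looking name,
# declared as an audio type.
WITH_ATTACHMENT = b"\r\n".join([
    b"From: sender@example.com", b"Subject: Re:", b"MIME-Version: 1.0",
    b'Content-Type: multipart/mixed; boundary="b1"', b"",
    b"--b1", b"Content-Type: text/plain", b"", b"see attached",
    b"--b1", b'Content-Type: audio/x-wav; name="notes.doc.pif"',
    b"Content-Transfer-Encoding: base64",
    b'Content-Disposition: attachment; filename="notes.doc.pif"', b"",
    b"AAAA", b"--b1--", b""])

# Constructed sample: the same mail after a list server has stripped attachments.
STRIPPED = b"\r\n".join([
    b"From: sender@example.com", b"Subject: Re:", b"", b"see attached", b""])

if __name__ == "__main__":
    for label, raw in (("with attachment", WITH_ATTACHMENT), ("stripped", STRIPPED)):
        print(label, inspect_message(raw))
```

A message that comes back with has_attachment False cannot be carrying a worm that travels only as an attachment, which is the reasoning applied to forum mail above.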
