Film-Tech Cinema Systems
Film-Tech Forum ARCHIVE


  

 
This topic comprises 2 pages: 1  2 
 
Author Topic: Virus alert
Brad Miller
Administrator

Posts: 17775
From: Plano, TX (36.2 miles NW of Rockwall)
Registered: May 99


 - posted 11-27-2001 01:49 AM
I don't know if this is an old virus, or something that has just turned up, but as of the last 2 days I've been seeing a lot of this one (and I've never seen it before).

The email comes in with the subject "Re:" and nothing else. The email address is generally fake and it comes with two attachments. One is a txt document which has nothing in it and the other is a random file. There is no text in the body of the email.

Delete the email entirely without opening the attachments.



Michael Brown
Phenomenal Film Handler

Posts: 1522
From: Bradford, England
Registered: May 2001


 - posted 11-27-2001 02:47 AM
There is something going round my university. Started yesterday.


Joe Redifer
You need a beating today

Posts: 12859
From: Denver, Colorado
Registered: May 99


 - posted 11-27-2001 03:51 AM
I wish I'd get one of these e-mails. I'd open both up with BBEdit and take a look at what's inside. Of course you should never open attachments from addresses that are not familiar. If there are viruses going around, you also might want to turn off the "display images and other crap like that" option in your mail program since it will automatically try to run files with .jpg or .mov extensions and the like.


Mark Lensenmayer
Phenomenal Film Handler

Posts: 1605
From: Upper Arlington, OH
Registered: Sep 1999


 - posted 11-27-2001 08:11 AM
This is a new variant on an older worm called BADTRANS.B. I was sent an alert on this yesterday.

It can only be activated if you open the attached files. Unfortunately, with some older versions of IE (5.0 and 5.5) the file can launch automatically, so if you are running one of these, get the patch from Microsoft.

This worm does some very nasty things...it installs a trojan horse back door to your system, sends out your IP address to the author, then runs a keylogger that tracks every keystroke (including passwords, credit card numbers, etc) and places this file on your hard drive for the author to harvest.

Brad is right...be VERY careful when opening attachments.

For info on this virus, check out this link:
http://www.infoworld.com/articles/hn/xml/01/11/26/011126hnbadtrans.xml?1126alert

As always, be sure to check regularly for new virus definition files. Since November 1, Norton Antivirus has added 141 new definitions, and since February, they have added approximately 10,000!!!!!



Paul G. Thompson
The Weenie Man

Posts: 4718
From: Mount Vernon WA USA
Registered: Nov 2000


 - posted 11-27-2001 12:50 PM
Be especially careful with Microsoft's Outlook Express. We have had nothing but problems at the radio station of virus programs sneaking through on the *.eml attachments.

I never received a virus via AOL. But that does not mean I won't. Take Brad's advice.

Better yet, don't open anything you get from a stranger. Let your virus scan engine look at any attachment you download, even if it comes from a friend. Sometimes the virus will attach itself without your friend even knowing it.

If you download a supposedly legit file, scan before opening it. Remember what happened to Josh's drive with that kmd.exe?

Keep your virus scan programs up to date.

Paul



Bobby Henderson
"Ask me about Trajan."

Posts: 10973
From: Lawton, OK, USA
Registered: Apr 2001


 - posted 11-27-2001 11:11 PM
The new variant of Badtrans.B can affect any version of Outlook Express, even version 6. If you use Outlook or Outlook Express, you have to download Microsoft's latest security patch.

This is a price Wintel PC users have to pay for Microsoft fusing so many parts of Internet Explorer, Outlook and MS Office deep into the core parts of the operating system. Microsoft does this for the sole purpose of keeping other Windows developers at a competitive disadvantage. In doing this, Microsoft has also created the biggest security compromise in computing history. For each patch Microsoft develops, virus writers will find other ways to insert malware into the average user's PC. Perhaps some of the congress people who turned a blind eye to this new "settlement" with Microsoft might not have been so keen on the deal if they would bother to pay attention to just how bad virus attacks have become over the last few years.

Run the latest virus protection software and have a software or hardware firewall running. Sometimes the firewall can be a real savior. Someone tried to infect my machine with some spyware and the firewall was the only thing that kept the packets of data from leaving my machine. My next DAT download found the new virus definition and I got it eliminated.


Leo Enticknap
Film God

Posts: 7474
From: Loma Linda, CA
Registered: Jul 2000


 - posted 11-28-2001 04:45 AM
A detailed technical description and instructions for removal can be found here.



Tim Sherman
Expert Film Handler

Posts: 125
From: North Ridgeville, OH, USA
Registered: Aug 2000


 - posted 11-28-2001 02:13 PM
Just so you all know, I also received this virus in my E-mail today. It had the subject heading of Re:Film Tech and was sent by "nostalgia entertainment, inc.", so be forewarned that this virus is now directly targeting members of Film-Tech. They are referring to Film-Tech directly now; maybe a notice or something could be put on the opening page or somewhere more visible to people using the site.

------------------

http://www.autoramadrivein.com

come on out to the drive-in and spend a night out with the stars"
ME!!


Gary Martin
Film Handler

Posts: 6
From: Cornwall, England
Registered: Nov 2001


 - posted 11-28-2001 04:04 PM
Maybe this is a similar virus. I just got a warning about it from another UK technician site. This virus is called the Badtrans.B email worm and was discovered in Europe last Saturday. As already mentioned, it comes as an attachment to email.

for info http://www.datafellows.com/v-descs/btrans b.shtml


Leo Enticknap
Film God

Posts: 7474
From: Loma Linda, CA
Registered: Jul 2000


 - posted 11-29-2001 04:28 AM
Tim - this worm disguises itself by looking through SMTP information cached in the computer and then inserting header fields from this data at random, in order to make the e-mail look like it comes from someone you know. If the infected computer which sent you the e-mail has ever sent or received one from 'nostalgia entertainment inc' and/or with the subject 'Re: Film-Tech' then that could be the reason why.

I don't think this in itself means that Film-Tech readers are being targeted with viruses, though, that having been said, I have received 4 Badtrans e-mails since yesterday.

The Symantec website (see the link on my earlier post) states:

quote:
If SMTP information can be found on the computer, then it will be used for the From: field. Otherwise, the From: field will be one of these:


Adam Martin
I'm not even gonna point out the irony.

Posts: 3686
From: Dallas, TX
Registered: Nov 2000


 - posted 11-29-2001 11:55 AM
What Leo said. I received one yesterday with "Re:" before a subject line I had received previously from another person, who resides in Tasmania.

The extension of the attached file I received was .pif


Scott Norwood
Film God

Posts: 8146
From: Boston, MA. USA (1774.21 miles northeast of Dallas)
Registered: Jun 99


 - posted 11-29-2001 12:57 PM
For what it's worth, I'm blocking mail attachments with a few of the nastier file extensions (.VBS, .EXE, etc.) and renaming most of the others (e.g. filename.doc becomes filename1234-defanged-doc) on my mail server at work. This forces Windows users to think about what they're doing, since they are forced to save the file and rename it before opening it. It also gets rid of the nastier attachments. (The other half of the company runs assorted Unix variants and finds all of this to be mildly amusing.)

For those who run mail servers, I would recommend a visit to http://www.impsec.org/email-tools/procmail-security.html

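The block-and-defang attachment policy described in the post above, sketched as an added example; it is not the poster's mail-server configuration and not code from the procmail page he links. Only .VBS and .EXE come from the post; the rest of the block list, the fixed serial `1234`, the function names and the sample message are assumptions made for illustration.

```python
from email.message import EmailMessage

# .VBS and .EXE are named in the post; the other entries are assumptions based
# on attachment types reported elsewhere in this thread (.pif, .bat) plus .scr/.com.
BLOCKED = {"vbs", "exe", "pif", "bat", "scr", "com"}

def classify(filename, serial="1234"):
    """Return (action, new_name): ('block', None) or ('defang', renamed)."""
    # Windows ignores trailing dots and spaces, so "x.exe. " still runs as .exe.
    name = filename.strip().rstrip(". ")
    stem, dot, ext = name.rpartition(".")
    # Only the LAST extension decides, so "law.doc.bat" is treated as .bat.
    if dot and ext.lower() in BLOCKED:
        return "block", None
    if not dot:                                  # no extension at all
        return "defang", f"{name}{serial}-defanged"
    # Scheme from the post: filename.doc -> filename1234-defanged-doc
    return "defang", f"{stem}{serial}-defanged-{ext}"

def filter_message(msg):
    """Apply the policy in place; return a log of (original_name, action)."""
    log = []
    for part in list(msg.iter_attachments()):
        original = part.get_filename() or "unnamed"
        action, new_name = classify(original)
        if action == "block":
            msg.get_payload().remove(part)       # drop the part entirely
        else:
            del part["Content-Disposition"]      # re-add with the defanged name
            part.add_header("Content-Disposition", "attachment", filename=new_name)
        log.append((original, action))
    return log

def sample_message():
    """Constructed message shaped like the ones described in the thread."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"       # placeholder address
    msg["Subject"] = "Re:"
    msg.set_content("")
    for name in ("notes.txt", "report.doc",
                 "midterm_school_law.doc.bat", "holiday.jpg.pif"):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    m = sample_message()
    print(filter_message(m))
    print([p.get_filename() for p in m.iter_attachments()])
```
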

Tal Marks
Film Handler

Posts: 57
From: New York, NY
Registered: Oct 1999


 - posted 11-29-2001 10:45 PM
I just received an email with an attachment containing a virus (worm).

Just to fill you in on the specs:

from: cronk.ps@verizon.net

subject: midterm-school law

body: "Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks"

attachment: "midterm_school_law.doc.bat"

virus: Virus W32.Sircam.Worm@mm

I received it @ yahoo.com which has the built-in "scan with norton anti-virus". It's still in my Inbox if anyone wants me to forward it to them so they can poke around in it.

Disclaimer: none.




Adam Martin
I'm not even gonna point out the irony.

Posts: 3686
From: Dallas, TX
Registered: Nov 2000


 - posted 11-30-2001 11:56 AM
I just learned a new thing about Outlook Express.

In version 6, available at windowsupdate.microsoft.com, click on: Tools -> Options -> Security and check the boxes for "Warn me when other applications try to send mail as me" and "Do not allow attachments to be saved or opened that could potentially be a virus".

These options are not available in OE 5, and I'm sure that in a week someone will have come up with a workaround for this security device, also.

And there's still no excuse not to have up-to-date virus protection, too.



Jeffry L. Johnson
Jedi Master Film Handler

Posts: 809
From: Cleveland, Ohio, USA
Registered: Apr 2000


 - posted 11-30-2001 02:26 PM
My ISP, APK Net, offers email virus scanning. So the viruses are removed before I download my email. I receive the text of the message and a notice that (name of virus) was removed.




All times are Central (GMT -6:00)