[HPFGU-OTChatter] Dealing with that badtrans.b worm virus - a new tip

Saitaina saitaina at wizzards.net
Sat Dec 1 14:43:48 UTC 2001


Uh...before you try this tip...might I point out some problems with the
idea-

"This "helpful" bit of advice first appeared on the Internet in mid-August
2001. It purports to offer an easy-to-implement solution to counter the
ongoing travails visited upon those foolish enough to have opened
virus-laden e-mails by disarming the virus' ability to spread to others
disguised as legitimate mail from the duped user. According to the advice,
netizens need only add a bogus !0000, 0000, or 10000 entry in their e-mail
address books to create an effective "shark account" that will gobble up
unauthorized mailings to the full book.

This trick will work somewhat, but it's not the panacea it's presented to
be. Although the recommended action will help derail the spread of viruses
designed to do a "send all," it will not counter the many that randomly
select individual addresses from a user's address book or supplement
addresses harvested from that location with those found cached elsewhere on
the system. (This method also assumes that if the first entry in a list of
recipients is invalid, the message won't be sent to any of the recipients --
this is not necessarily true of all e-mail programs.) Faked entry or not,
those who correspond with users infected with those sorts of viruses will be
just as vulnerable as they ever were.

Moreover, even those viruses whose spread has been halted via the ruse of a
fake address book entry can still be doing damage to the infected user's
system. Once an executable file has been opened and run, any virus it
contains begins doing its dirty work. Part of that dirty work may amount to
mailing itself to others, but if the virus is programmed to do more than
just replicate itself via e-mail, it will still be present to wreak havoc on
the infected computer. Deleting the infection-carrying e-mail will not halt
whatever else may be underway.

Only a fool takes advice that amounts to altering anything on his own system
without first fully understanding its nature. Though the current "helpful
trick" is innocuous, there is no guarantee later versions will not circulate
that instruct the credulous to do harm to their systems under the guise of
helping them. Witness the May 2001 sulfnbk.exe hysteria where thousands of
users geared to take whatever advice turned up in their inboxes were duped
into deleting a key Windows operating system file from their home systems.

The best advice for countering viruses has always amounted to investing in
good anti-virus software and using the product regularly to scan for
infected files. Second best is a caution against running executable files
sent in e-mail. Prurient or lustful curiosity often fuels the spread of
those infections, as users who should by now know better open applications
that promise videos of the McVeigh execution or naughty encounters featuring
the latest media hotties.

Peek not lest you lose, not your soul, but your hard drive."

(filched in its entirety from
http://www.snopes.com/inboxer/virus/quickfix.htm)


The best and currently only way to stop the spread of this virus is to
upgrade your browser.  That's all the advice we have at this moment and
pretty much ignore any email that has no subject even from your closest
friends.  I've come in contact with this virus 5 times since my triple
infection and have discovered some...useful facts.

For some reason on my first infection it did not attack my contacts (address
book), it attacked my inbox.  It replied to every email in my inbox, yet my
contacts were unaffected.  Other folders were also not infected, meaning
my RPGs, mailing lists, fiction lists were not targeted.  The only people
who actually got the virus from me were spammers and two friends.  So an
idea to help is to sort your mail into folders; it keeps you organized and
protects them.

Removal of the virus involved deleting three files and a line in my
registry...not as complicated as it seems.  Also my anti-virus program did
NOT pick up on the infection, but a web based one did.  For those of you who
would like the URL please contact me privately.  This means you should
update your virus checkers immediately and every day so you have the proper
thingies to find the virus.

And most of all...DON'T USE YOUR EMAIL/SURF THE INTERNET during the
infection...it copies keystrokes and sends them to the originator for
his/her personal use...besides, you don't want to send this to all your
friends while you try to clean up your computer, do you?


Saitaina
*****
Giles (to the Council members): You all stand around and look somber.
(Indeed they do.) Good job.
Quentin: You used to respect us, Giles. You used to be one of us.
Giles: You used to pay me.

"The only way to get rid of temptation is to give in."
-Oscar Wilde
