Chiff & Fipple Community Virus


Post by Dale »

This BadTrans virus is unbelievable. Coincidentally, I updated my antivirus software the day before it really hit. But, even with updated virus definitions less than 24 hours old, the first time it was sent to me, it got into my system--it got started that fast! Fortunately, I knew that something was up and got the fix for it very quickly before it spread out of my system. In the meantime, I have received infected email from 38 email addresses on the whistle list. I've never had anything remotely close to that kind of concentration of virus alerts. Happily, my trusty Norton A.V. has done its job.

Dale

[ This Message was edited by: DaleWisely on 2001-12-01 22:09 ]

[ This Message was edited by: DaleWisely on 2001-12-02 00:53 ]

Post by thomlarson »

Dale's right - this one is bad. Norton AntiVirus can take care of it easily enough, but only if you update your virus definitions! We've received many BadTrans emails here too, but our computers were not infected. One of the bad things about this virus is that it can possibly infect a computer (if you use Microsoft Outlook) without even opening the attachment! Here's a partial quote from the Norton Page:

"Email messages use the malformed MIME exploit to allow the attachment to execute in Microsoft Outlook without prompting"

If you had read the info about this virus right after it came out, you might want to go back and read it again - they've posted a lot more info about it there now:
BadTrans Virus Info (http://securityresponse.symantec.com/av ...).

If you don't have Norton AntiVirus, you can download a thirty day free trial of it from their website. I'd assume that McAfee has the same type of fix available - I mention Norton because it's the one that I'm familiar with.

[ This Message was edited by: thomlarson on 2001-12-01 23:21 ]

Post by thomlarson »

There is a "Removal Tool" that you can download at Symantec's site now. It only takes a few seconds to download - when you run it, it will tell you if your system has been infected or not, then remove the virus if you do have it:

BadTrans Removal Tool (http://securityresponse.symantec.com/av ...)

Post by StevieJ »

I too am getting one or two virus emails per day.

I've never used Outlook, so they stop here. Eudora is an excellent and very capable email program. It inflicts ads on you unless you pay for it, though.

There's another step you can take on Windows 95/98 and possibly other Windows versions, and that is to disable "Windows script hosting". I learned about this after suffering a catastrophic loss of data through the "I love you" virus.

Click Start | Settings | Control Panel | Add/Remove Programs

Select the "Windows Setup" tab. Select "Accessories". Click the "Details" button. Uncheck "Windows Scripting Host".

This, I believe, will prevent programs from being able to run scripts automatically. It is enabled by default (thank you very much Bill Gates!).

Post by JMcCYoung »


(snip)

Eudora is an excellent and very capable email program. It inflicts ads on you unless you pay for it, though.

(snip)
The older freeware version of Eudora, Eudora Light for both PC and Mac, is still available from:

http://www.emailman.com/eudora/previous/index.html

It doesn't have all the bells and whistles of the current version of Eudora nor of Outlook (nor, I expect, of some of the other more recent versions of e-mail clients), but it's perfectly adequate for basic non-HTML e-mail. It has good filtering capabilities too, although without the extensive options found in the Pro version.

John

Post by avanutria »

Thanks Thom for the link (virus free!) and Stevie for the instructions.

I'm not familiar with this virus' characteristics. I've recently been receiving empty emails with stuff in the subject line and a size of about 3KB but no content (no text, no attachment). One was from a C&F person with a subject line that matched previous conversations, and one was from someone I'd never heard of with a subject line referring to my webpage. Does anyone know if this is a byproduct of a current virus?

Post by Grannymouse »

I just installed Norton 2001 as I was suspicious of an email that came in from one of our members overseas. By the time Norton confirmed that I had a virus and what did I want to do about it.......my computer froze up.....so here I am....$70 + later. As it turned out...I had 2 viruses. Now I'm looking behind every tree and bush! Gm

Post by ndjr »

On 2001-12-02 11:24, avanutria wrote:
( Received weird e-mails and ) One was from a C&F person with a subject line that matched previous conversations, and one was from someone I'd never heard of with a subject line referring to my webpage. Does anyone know if this is a byproduct of a current virus?
These things are more properly referred to as "worms," and, yes, this sort of behavior is to be expected from them. Some of them search your mailbox for unread messages, and use the subject lines and return addresses to send out copies of themselves. Others use the address book, if it exists. Worms like Nimda and the three versions of CodeRed may have multiple vectors. One of them, sorry but I can't remember which because they behave similarly, could spread as an e-mail worm, as a download from an infected website to a poorly-configured browser, over shared drive space in a Microsoft Windows network, and by searching the internet automatically for webservers running vulnerable copies of Microsoft's IIS package. Both of these worms still exist in the wild, and some of my logs are full of unsuccessful Nimda hits as I write this.

I routinely get e-mailed worms that have these characteristics. Fortunately for me, I use Unix and am therefore not vulnerable to them. :smile:

I just have to worry about the hackers .... :sad:
Best regards,

Neil Dickey

Post by brownja »

Opera is a very capable browser and e-mail client.
I use it on all my Windows PCs.

Use Linux for a much safer, crash-free computing experience.

http://www.opera.com

jb

Post by ndjr »

On 2001-12-02 14:29, brownja wrote:
Use Linux for a much safer, crash-free computing experience.
Point well taken, BUT this is true only if the Linux box is properly patched and configured. If one is considering using Linux as an operating system, please do go to the bookstore and get one of the many good volumes published on the installation and maintenance of Linux systems. Many, if not most, versions of Linux ship with default installations that are hugely vulnerable to hackers.

( War_Story_Mode = ON )

I had a conversation with a fellow who told me that his new Linux box got hacked the moment he finished installing the OS. The network IT people where I work told me that as an experiment they did a default Linux installation on a box and connected it to the internet without putting it in the domain name servers or making it in any way "visible." It was hacked within a week.

( War_Story_Mode = OFF )

I don't mean only to pick on Linux, by the way, because the other versions of unix can be similarly vulnerable. The best way to bring up a *nix box is to accumulate all the software, patches, and references needed, then bring it up OFF-line and plug it into the internet only when it has been secured.
Best regards,

Neil Dickey

Post by TelegramSam »

I've said it before and I'll say it again, web-based email is a wonderful thing...

Post by ndjr »

On 2001-12-02 17:30, TelegramSam wrote:
I've said it before and I'll say it again, web-based email is a wonderful thing...
I don't think there's anything commonly used that is absolutely safe. Web-based e-mail can be dangerous if it contains maliciously coded html content, ditto with java scripts, depending on how the browser is configured.

The only mail readers I know of that are absolutely safe are plain vanilla unix command-line "mail," and perhaps "Pine," which also runs under unix. These mail readers are far too unsophisticated to present a problem with worms and other malware.
Best regards,

Neil Dickey