[Sca-cooks] Att: Dan Phelps
Dan Phelps
phelpsd at gate.net
Sat Dec 15 11:06:18 PST 2001
You asked:
> Do you get the virus just from opening an email?
> Or is it the attachment you have to open?
> Phillipa
Here are the specifics:
WORM_BADTRANS.B
Risk rating:
Virus type: Worm
Destructive: No
Aliases:
W32/Badtrans-B, BADTRANS.B, W32/Badtrans at MM, W32.Badtrans.B at mm,
W32/BadTrans.B-mm
Description:
This memory-resident Internet worm is a variant of WORM_BADTRANS.A. It
propagates via MAPI32, has a Key Logger component, and arrives with randomly
selected double-extension filenames.
It does not require the email receiver to open the attachment for it to
execute. It uses a known vulnerability in Internet Explorer-based email
clients (Microsoft Outlook and Microsoft Outlook Express) to automatically
execute the file attachment. This is also known as Automatic Execution of
Embedded MIME type.
More information about the Sca-cooks
mailing list