stephen.buckland1 at btinternet.com
stephen.buckland1 at btinternet.com
Wed Nov 28 05:14:56 EST 2001
Dear Mr McCarty,
Thank you for your informative e-mail on the Badtrans virus. I, however, was not so lucky and have had a fair amount of damage on my home PC when the virus came through as a reply to a job application, as I have recently finished a MSc in GIS (yes one of those 'starving students'), while in the process of buying virus protection software off the web!
As a way of extra information for everyone the name the e-mail was addressed from was a 'chan.mai' or a name to that affect, with the attached file having 'HAMSTER' in the name field.
I write this to you all as an apology should the virus send an email out (although I will soon be taking my name off the list until I can sort out and delete the virus properly).
> Frank et al.,
> Thanks for confirming that someone else has been hit. We suffered no
> damage here, but did wonder about several recently received messages.
> For those on the list who wish to learn more about this worm, go to:
> <a href="/bti/redirect.html?<a href=avcenter/venc/data/w32.badtrans.b at mm.html" target="newLink"><a href=avcenter/venc/data/w32.badtrans.b at mm.html</a>
> to see its effects and how to get rid of it.
> >> The attached virus-file was identified as setup.exe.rdc<<
> Actually, its a worm called w32.badtrans.
> >> and sender is called Jose M. Castello (surely a false name!) <<
> On the contrary, Sr. Castello did participate on this list in the past
> One aspect of this worm is that it replies to a message which has not been
> replied to before. In other words, if an exchange of messages ends because
> there is nothing more to say, it is possible that the worm will pick the
> last message in the thread and reply to it.
> One message that we received here had the appropriate subject line for the
> earlier exchange.
> >> I was unable to identify the email address of the sender, however, there
> are people working on it. <<
> We had no trouble reading the addresses. They may not be valid at this
> point, but they were certainly readable....
> At the risk of incurring the wrath of list members, I would respectively
> suggest that if you do not have virus software installed, or worse, if you
> cannot bother to keep it up to date, please do not subscribe to this list,
> or any other.
> Yes, there are undoubtedly some "starving students" who subscribe to the
> list, as well as participants from outside the US for whom virus software
> is a relative luxury. However, I hope that they are the minority and that
> they will be as careful as possible regarding viruses. Many of us on this
> list will gladly offer concrete suggestions for taking such care, if asked.
> To Jim Hendee and the list operators, this worm came to light only
> recently. However, Norton responded with new virus definitions within 1
> day, despite the holiday. I'm sure that other AV software companies did
> the same. We all need to pay attention. I hope that no one else
> experienced anything more than a minor annoyance. If not, check the URL
> above for instructions on how to remove the virus.
> Yours for safer computing,
> Chip McCarty
> For directions on subscribing and unsubscribing to coral-list or the
> digests, please visit www.coral.noaa.gov, click on Popular on the
> menu bar, then click on Coral-List Listserver.
For directions on subscribing and unsubscribing to coral-list or the
digests, please visit www.coral.noaa.gov, click on Popular on the
menu bar, then click on Coral-List Listserver.
More information about the Coral-list-old