VIRUS

[stephen.buckland1 at btinternet.com]

Dear Mr McCarty,

Thank you for your informative e-mail on the Badtrans virus. I, however, was not so lucky and have had a fair amount of damage on my home PC when the virus came through as a reply to a job application, as I have recently finished a MSc in GIS (yes one of those 'starving students'), while in the process of buying virus protection software off the web! 

As a way of extra information for everyone the name the e-mail was addressed from was a 'chan.mai' or a name to that affect, with the attached file having 'HAMSTER' in the name field. 

I write this to you all as an apology should the virus send an email out (although I will soon be taking my name off the list until I can sort out and delete the virus properly).

Kind regards,


Stephen Buckland.


> Frank et al.,
> 
> Thanks for confirming that someone else has been hit.  We suffered no
> damage here, but did wonder about several recently received messages.
> 
> For those on the list who wish to learn more about this worm, go to:
> 
> <a href="/bti/redirect.html?<a href=avcenter/venc/data/w32.badtrans.b at mm.html" target="newLink"><a href=avcenter/venc/data/w32.badtrans.b at mm.html</a>
> 
> to see its effects and how to get rid of it.
> 
> >> The attached virus-file was identified as setup.exe.rdc<<
> 
> Actually, its a worm called w32.badtrans.
> 
> >>  and sender is called Jose M. Castello (surely a false name!) <<
> 
> On the contrary, Sr. Castello did participate on this list in the past
> month.
> 
> One aspect of this worm is that it replies to a message which has not been
> replied to before.  In other words, if an exchange of messages ends because
> there is nothing more to say, it is possible that the worm will pick the
> last message in the thread and reply to it.
> 
> One message that we received here had the appropriate subject line for the
> earlier exchange.
> 
> >> I was unable to identify the email address of the sender, however, there
> are  people working on it. <<
> 
> We had no trouble reading the addresses.  They may not be valid at this
> point, but they were certainly readable....
> 
> <soapbox>
> 
> At the risk of incurring the wrath of list members, I would respectively
> suggest that if you do not have virus software installed, or worse, if you
> cannot bother to keep it up to date, please do not subscribe to this list,
> or any other.  
> 
> Yes, there are undoubtedly some "starving students" who subscribe to the
> list, as well as participants from outside the US for whom virus software
> is a relative luxury.  However, I hope that they are the minority and that
> they will be as careful as possible regarding viruses.  Many of us on this
> list will gladly offer concrete suggestions for taking such care, if asked.
> 
> 
> </soapbox>
> 
> To Jim Hendee and the list operators, this worm came to light only
> recently.  However, Norton responded with new virus definitions within 1
> day, despite the holiday.  I'm sure that other AV software companies did
> the same.  We all need to pay attention.  I hope that no one else
> experienced anything more than a minor annoyance.  If not, check the URL
> above for instructions on how to remove the virus.
> 
> Yours for safer computing,
> 
> Chip McCarty
> ~~~~~~~
> For directions on subscribing and unsubscribing to coral-list or the
> digests, please visit www.coral.noaa.gov, click on Popular on the
> menu bar, then click on Coral-List Listserver.
> 

~~~~~~~
For directions on subscribing and unsubscribing to coral-list or the
digests, please visit www.coral.noaa.gov, click on Popular on the
menu bar, then click on Coral-List Listserver.