Re: [tied] Carlos Padilla

From: Rex H. McTyeire
Message: 11858
Date: 2001-12-17

Torsten: you are going a bit beyond the situation on the virus. It is
transmitted automatically by the infected system without the knowledge
of the owner, if not sufficiently protected. No one is singling you out
for attack. Badtrans (current variant .b, there are several) appends the
underscore to the real sending address (or a random one) for outgoing
autosend mail, so that replies do not get back to the machine spreading
the thing. It sets up with several files from attachments: a .pif and
.scr; then searches ALL incoming new, or stored (unopened or opened)
mail in the infected machine to find new recipients to facilitate spread
until it is stopped. Any mail received by an infected machine from
[tied] that was originated by you would give it the addresses of the
list, you, and any other list members included in your response. It can
and does also take random real email addresses from its < own list > and
uses them appended with the underscore to send. The only guilty party
is the originator/designer of the virus and variants, unless you want to
call everybody communicating without state of the art anti-virus
protection quilty by negligence. By the same coin, however, those who
are not protected enough to stop it are equally negligent. This virus
beats some older Norton and other AntiVirus systems, particularly if
passive system protection, and email in/out protection, are not turned
on (two separate areas of protection.) It does not use an attached .exe
file to infect the receiving machine, and doesn't have to be actively
opened by the unprotected recipient (which may be how it gets through
yahoo sometimes, as at least enough of this one did to trigger my Norton
defense.) In the current environment (last couple of months) if you do
list and email traffic: you must have a current AV system, updated
often: WITH passive system, and in/out email protection turned on (or
you are vulnerable.)

This McAfee support site will give you some more specific information on
the virus (and variants), how it works and spreads, as well as the
symptoms to look for in your machine (most you can find with file
search)

< http://vil.nai.com/vil/virusSummary.asp?virus_k=99069 >


SlĂ inte mhath;
Rex H. McTyeire

O-: From: tgpedersen

O-: _api1161v@...
O-:
O-: In contrast, the e-mail address of Carlos Padilla in the Members
list
O-: does not contain an underscore.
O-: Therefore, perhaps it is an outside job? Perhaps Carlos Padilla has
O-: registered a null password (as some people do out of laziness)?