pl.net news: 29/112001

Posted on 29th November 2001

W32/Badtrans-B Virus

People are are getting (anybody) and sending (Microsoft mail users) a new
virus W32/Badtrans-B, it is a pretty normal virus with a slight strain
change. The virus does the usual send email to everyone on address book"
trick and it can install a password stealing trojan on your Windows
operating system if you use Windows. Look for this latter file in your
Windows directory \Windows\System\Kdll.dll and delete it.

As usual Microsoft products are the target Outlook Express 5 in particular
wherein you don't need to open the email, just previewing it installs the
virus.

The best anti-virus site is Symantec http://www.symantec.com/avcenter/

Here once again are the obligatory practices to avoid viruses, especially
important if you really insist on using Microsoft products.

1) Use an anti-virus programme, McAfee recommended by PlaNet. Update the
antivirus capability immediately, and try to continue doing so every week.
PlaNet can get this update emailed to you if you are known users of McAfee
and a PlaNet user.

2) If you use Outlook, make sure you go to to Microsofts site regularly for
security patches. Most viruses target Outlook because its security is poor
and its maker is rich.

3) Stop using Outlook. If you keep using Outlook, it is not unlikely that
you will get a virus one day, even if you religiously install all the
patches, due to inevitable `window of opportunity between discovery of
virus and patch issue.

4) Use webmail, where the email is not downloaded to your machine. PlaNet's
webmail is at http://pl.net/email

5) Use email programmes like Eudora (www.eudora.com) or New Zealand's own
Pegasus (http://www.pmail.com/). These will not stop you clicking on
attachments which give you a virus, but will stop the poor security of MS
Outlook which makes virus-spreading an inevitability.

6) In order to prevent emailing everyone in you address book, create an
invalid email address in it. In Outlook create a new contact (in Eudora
create a new nickname) - enter an invalid email address which will cause
the send to everyone to fail (eg $#&%@) as an invalid email address. It
won't stop the virus from doing anything else, but it will stop you
becoming part of the problem by emailing it to others, a most unfriendly
things to do.