Trojans posted to me
Simon Waters
Simon at wretched.demon.co.uk
Thu Jul 12 13:23:11 UTC 2001
Marc.Thach at radianz.com wrote:
>
> In response to a posting on this group, I have just had a couple of emails
> posted to me which had attachments that our gateway deleted as trojan
> (TROJ_BADTRANS.A)
I had a brief discussion with the list admin a few weeks
back. Seem to be a lot of viruses out there replying to mail
on this list.
Since the list itself strips attachments, this is probably
just a sign of how many subscribers there are on the e-mail
version of the list.
Mostly I've seen MTX variants (The virus has different names
depending on anitvirus vendor), but it replies to unread
e-mail with a blank subject line and a copy of itself in the
attachment. Seems to work with both Outlook and Netscape
(must be using MAPI I guess).
If your gateway doesn't notify the sender for you, drop him
a line explaining that his PC is probably sending out
infected e-mails.
The MTX one is particularly hard to remove, and the SARC
tools to automate removal (A friend got infected recently by
opening an attachment - Ironically she was expecting an
attachment in reply to an e-mail she had just sent) didn't
remove all copies according to a later install of Norton
Antivirus. So had I not installed a full antivirus tool on
that PC it would eventually have started sending viruses
again.
More information about the bind-users
mailing list