DialogueScience, Inc. informs

Virus-writers use the same trap

Unfortunately, PC-users keep getting caught into them. The BadTrans virus (to be more exact - its new modification # 2) uses the same well-known loophole in the MS Outlook, which had been used by ill-known Nimda and Aliz. This loophole (a program code mistake, which was found, described and patched already in March 2001) allows the attached file to get launched automatically when the letter is read.

Doctor Web recognizes the new BadTrans virus modification since the last week and this signature is included in the regular virusbase add-on # 9 under the name Win32.HLLW.Badtrans (the same as for the first virus modification, which is known since April 2001). Therefore, all those updating virus databases on the regular basis and using SpIDer Guard resident monitor (guard) will not suffer.

Still, the most reliable way to protect oneself from this type of viruses is to download and install the appropriate patch, which was long ago made available on the Microsoft Corporation server. Please find a detailed information about the MS Internet Explorer "loopholes" used by this virus as well as an appropriate patch on
http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

November 28, 2001
DialogueScience Information Service
http://www.antivir.ru
E-mail: Antivir@antivir.ru
Back Some other interesting viruses
Copyright © 2001 DialogueScience, Inc., Moscow, Russia. All rights reserved.