[email protected] mass mailing e-mail worm on the loose!


VIRUS ALERT! [email protected] mass mailing e-mail worm


This question was answered on November 29, 2001. Much of the information contained herein may have changed since posting.

The [email protected] mass mailing e-mail worm is infecting a large

number of computers and contines to spread very quickly.

In most cases, simply reading an e-mail message will not allow you to contract a virus since most virus/worm code is hidden in attachments that accompany e-mail messages

Generally, you must open the attachment in order to contract the virus/worm, but not in the case of the [email protected] mass mailing worm

It takes advantage of a vulnerability in Microsoft¹s Outlook and Outlook Express that instructs your e-mail program to automatically open the attachment when you open the message

This worm can appear as a music file, a picture, a document or a zip

(compressed) file The subject line and attachment names will vary, so there is no specific signature that you can look for...

It relies upon an exploit in unpatched versions of Microsoft Outlook and Outlook Express

To fix the exploit, you can download a patch at:

<a href="http://www.microsoft.com/technet/security/bulletin/MS01-020.asp" target="_blank"><font color="#003399">>http://www.microsoft.com/technet/security/bulletin/MS01-020.asp</b></font></a>

Detection, protection and removal instructions can be found at the

following sites:

Norton Anti-virus users can get more info at:

<a href="http://www.sarc.com/avcenter/venc/data/[email protected]" target="_blank"><font color="#003399">>http://www.sarc.com/avcenter/venc/data/[email protected]mm.html</font></a>

McAfee Anti-virus users can get more info at:

<a href="http://www.mcafee.com/anti-virus/viruses/badtrans/default.asp?cid=2607" target="_blank"><font color="#003399">>http://www.mcafee.com/anti-virus/viruses/badtrans/default.asp?cid=2607</b></font></a>

Trend Micro users can get more info at:

<a href="http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_BADTRANS.B" target="_blank"><font color="#003399">>http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_BADTRANS.B</b></font></a>

If you receive an infected message from other, refer them to the

information listed above...

Need Help with this Issue?

We help people with technology! It's what we do.
Schedule an Appointment with a location for help!


Posted by Ken of Data Doctors on November 29, 2001