The virus works by "answering" unread emails on the infected computer. Mr.
Ring appears not to be keeping up with the list ;-)
Interestingly, if an infected computer sends an email to another infected
computer, an "endless" loop of emails starts, until one or the other
computer's email server crashes from the overload.
-----Original Message-----
From: Fred Cisin (XenoSoft) [mailto:cisin@xenosoft.com]
Sent: Wednesday, November 28, 2001 11:55 AM
To: Classic Computers Mailing List
Subject: Re: Spam from _sring(a)uslink.net?
On Wed, 28 Nov 2001, Vintage Computer Festival wrote:
> Looks like the Classiccmp archives may have been broached by some lame
> spammer. Has anyone else gotten an audio file from S. Ring
> <_sring(a)uslink.net> with an audio file attachment, bearing the subject of
> an old CC message?
THAT AIn'T NO AUDIO FILE!!!!!
Take a closer look at the extension! AFTER the MP3, JPG, DOC whatever
extension, it has ANOTHER extension of .SCR or .PIF.
THAT is the BADTRANS virus.
--
Grumpy Ol' Fred cisin(a)xenosoft.com
Umm, maybe I'm falling for a joke, but the most recent thread here
is about that very message containing the hot new W32.Badtrans.b virus...
--- David A Woyciesjes
--- C & IS Support Specialist
--- Yale University Press
--- mailto:david.woyciesjes@yale.edu
--- (203) 432-0953
--- ICQ # - 905818
! -----Original Message-----
! From: Vintage Computer Festival [mailto:vcf@vintage.org]
! Sent: Wednesday, November 28, 2001 12:29 PM
! To: Classic Computers Mailing List
! Subject: Spam from _sring(a)uslink.net?
!
!
!
! Looks like the Classiccmp archives may have been broached by some lame
! spammer. Has anyone else gotten an audio file from S. Ring
! <_sring(a)uslink.net> with an audio file attachment, bearing
! the subject of
! an old CC message?
!
! Sellam Ismail Vintage
! Computer Festival
! --------------------------------------------------------------
! ----------------
! International Man of Intrigue and Danger
! http://www.vintage.org
!
! * Old computing resources for business and academia at
! www.VintageTech.com *
!
!
Well, my Norton is set to automatically update every week. Also, as
soon as I heard about it (badtrans) on Tuesday morning (when I came back
>from being out since last wednesday) I updated the latest virus definitions,
to the 11/24 version. Not sure if earlier defs knew about it...
--- David A Woyciesjes
--- C & IS Support Specialist
--- Yale University Press
--- mailto:david.woyciesjes@yale.edu
--- (203) 432-0953
--- ICQ # - 905818
! -----Original Message-----
! From: Jeffrey S. Sharp [mailto:jss@subatomix.com]
! Sent: Wednesday, November 28, 2001 12:08 PM
! To: 'classiccmp(a)classiccmp.org'
! Subject: RE: S. Ring has badtrans virus
!
!
! On Wed, 28 Nov 2001, David Woyciesjes wrote:
!
! > Well, I'm running Norton Corporate Edition, with Outlook
! 2000, and it
! > scans my e-mail as it comes in, before I even read the
! message! Works
! > out nice :-)
!
! Was it prescient enough to detect Badtrans.b? If Badtrans.b is a new
! virus, it almost sounds fishy that NAV *already* knew how to
! discover it.
!
! --
! Jeffrey S. Sharp
! jss(a)subatomix.com
!
! > Well, I'm running Norton Corporate Edition, with Outlook
! > 2000, and it scans my e-mail as it comes in, before I
! > even read the message! Works out nice :-)
! I am assuming NCE include Norton Anti-Virus...
Actually it's the Corporate Edition of Norton Anti-Virus.
! ...On the Norton Utilities Systemworks AV is installed to
! automatically scan your email for virii...
Yeah, I remember that option from that memory-hog version...
! ...But the way it does it is *very* questionable. The email
! is routed to one of their servers before being routed to you
! inbox...
NCE doesn't work it that way, well at least in our setup. We install it as
an unmanaged system (no central Norton server here.) Basically a standalone
install. We could have a central server here to 'manage' the copies of NCE
installed on the clients, maybe that's what you're referring to. Symantec
hijacking your e-mail sounds wierd, and in-efficient.
! ...I only happened to find this out *after* everything was
! installed because I also use Zone Alarm...
! I then found out that the install had modified Outlook.
! Nowhere in the install was I told that this was happening!!!
Yeah, the install has to modify Outlook somewhat. It gives the option to
install a plug-in, to allow it to scan the messages as they come in. I much
prefer it that way, since I leave Outlook open all day, and recieve at
_least_ 200 messages a day.
Yes, vigilance (and a different e-mail program) are my preferred method, but
work here pretty much requires the use of Outlook.
It's actually a nice program, if it weren't for the plentiful virus
'features'.
--- David A Woyciesjes
--- C & IS Support Specialist
--- Yale University Press
--- mailto:david.woyciesjes@yale.edu
--- (203) 432-0953
--- ICQ # - 905818
Well, I'm running Norton Corporate Edition, with Outlook 2000, and it scans
my e-mail as it comes in, before I even read the message! Works out nice :-)
--- David A Woyciesjes
--- C & IS Support Specialist
--- Yale University Press
--- mailto:david.woyciesjes@yale.edu
--- (203) 432-0953
--- ICQ # - 905818
! -----Original Message-----
! From: Jeff Hellige [mailto:jhellige@earthlink.net]
! Sent: Wednesday, November 28, 2001 9:25 AM
! To: classiccmp(a)classiccmp.org
! Subject: Re: S. Ring has badtrans virus
!
!
! > It was sent to me 'personally', ie not as a classiccmp
! post. Since it
! >was an unsolicited attachment from an unacknowledged source,
! it filed it
! >in /dev/nul.
!
! I got it as well but followed the same logic you did. I also
! received the virus once over the weekend as well, but it wasn't from
! a list subscriber. I don't use Outlook on my Mac's and don't have
! autopreview turned on when I'm using it under NT.
!
! Jeff
! --
! Home of the TRS-80 Model 2000 FAQ File
! http://www.cchaven.com
! http://www.geocities.com/siliconvalley/lakes/6757
!
> I am assuming NCE include Norton Anti-Virus.. On the Norton Utilities
> Systemworks AV is installed to automatically scan your email for virii...
> But the way it does it is *very* questionable.. The email is routed to one
> of their servers before being routed to you inbox.
>
> I only happened to find this out *after* everything was installed because I
> also use Zone Alarm. I then found out that the install had modified
Outlook.
> Nowhere in the install was I told that this was happening!!!
Network Associates' Groupshield Exchange and Computer Associates'
eTrust InoculateIT! Exchange Option scan the mail as it comes in
to the server and what gets put in the inbox has been sanitized...
except, apparantly, the BADTRANS virus. Fortunately, the client-
side realtime scanner caught it...
-dq
> -----Original Message-----
> From: MTPro(a)aol.com [mailto:MTPro@aol.com]
> question has not been adulterated with a ROM upgrade or
> screen modification,
> etc., it can run the Lisa OS - any Lisa 2 or Mac XL. All Mac
> XLs are Lisa 2s,
Well, the screen-mod isn't necessarily a show-stopper. Lisa OS really
doesn't care, from my limited experience with just the kind of Mac XL you
speak of at the end of this post. You can pull the glue off of a couple of
pots in the monitor (clearly labeled at that, IIRC), and adjust the aspect
ratio of the screen back to normal Lisa style.
> Macintosh XL: The Macintosh XL is exactly the same as a Lisa
> 2/10. Only the
> sticker on the box, the operating system, and the instruction
> manuals are
> different. Instead of Lisa OS, the bundled OS is Macintosh
> System software
> and MacWorks XL, a Lisa program which allows 64K Macintosh
> ROM emulation. If
> you have MacWorks XL instead of Lisa OS disks, a 10MB
> internal hard drive, no
> Lisa Lite card, and a 1.8-A power supply, yours is probably a
> MacintoshXL.
It should be noted here that the Macintosh system software is arguably not
the operating system in this case. (MacWorks is... If I understand correctly
it's slightly more of an emulation than simply providing the toolbox ROM.)
> them in December 1989 for $1095 had started life as a Lisa 2/5. Sun
> Remarketing had installed the screen modification kit (giving
> it square
> pixels like a Mac instead of it's native rectangular ones),
Again, I think "installed the screen modification kit" might be giving them
too much credit, since it seemed with mine that they only did some pot
tweaking. :)
> Mac Plus 128k
> ROMs to support the installed 800k drive and a Sun
> Remarketing installed
Now this is interesting. As I mentioned in a previous post, they had
something in mind called an "XLerator," which seemed to be a daughterboard
kind of setup that took the place of the entire 68k cpu, and replaced it
with a conglomeration of Mac junk. :) (No offense to Mac people, but I
wanted a Lisa, and this prevented Lisa OS from booting ;)
I may at some point try to get that CPU board working (by which I mean,
actually booting Lisa OS) again.
Regards,
Chris
Christopher Smith, Perl Developer
Amdocs - Champaign, IL
/usr/bin/perl -e '
print((~"\x95\xc4\xe3"^"Just Another Perl Hacker.")."\x08!\n");
'
It drove me nuts as the work sys is W95 and outlookdistress.
I wanted to summary delete it but Norton antivirus would pitch
a fit if I even touched the mail. I have the outlook features
turned off but the antivirus is too efficient. only solution was
to isolate the machine just in case(pull net connection, drop
modem) and purge mail. What a PITA! Wishing I used VMS
at work or at least linux.
Allison
-----Original Message-----
From: Jeff Hellige <jhellige(a)earthlink.net>
To: classiccmp(a)classiccmp.org <classiccmp(a)classiccmp.org>
Date: Wednesday, November 28, 2001 10:52 AM
Subject: Re: S. Ring has badtrans virus
>> It was sent to me 'personally', ie not as a classiccmp post. Since it
>>was an unsolicited attachment from an unacknowledged source, it filed it
>>in /dev/nul.
>
> I got it as well but followed the same logic you did. I also
>received the virus once over the weekend as well, but it wasn't from
>a list subscriber. I don't use Outlook on my Mac's and don't have
>autopreview turned on when I'm using it under NT.
>
> Jeff
>--
> Home of the TRS-80 Model 2000 FAQ File
> http://www.cchaven.com
> http://www.geocities.com/siliconvalley/lakes/6757
Who was the fellow looking for an Apple ][ joystick? I have one for you.
E-mail me privately.
Sellam Ismail Vintage Computer Festival
------------------------------------------------------------------------------
International Man of Intrigue and Danger http://www.vintage.org
* Old computing resources for business and academia at www.VintageTech.com *