To: Seafood HACCP Mailing List
IFT Seafood Technology Division Mailing List
Fr: Pamela Tom, UC Davis HACCP, and IFT Division List Owner
Please excuse the cross posts in case you are receiving duplicate
messages.
Fortunately, the mailing lists have NOT transmitted the worm described
below. BUT, some of the mailing list subscribers are infected, and are
sending me messages directly.
Therefore, I want to alert you to be cautious of messages that contain the
words, "Audio/X-WAV 39kb; 'Attached Text'" that you might receive from
your colleagues.
For the past couple of days I've been receiving these weird messages.
Initially I thought that they were worms, but I couldn't find any
definitions either with McAfee or Symantec and I didn't recognize the
senders.
However, today I received messages from two different colleagues on the
HACCP mailing list and the IFT Seafood Technology Division mailing list.
They have been notified that their subscription has been deleted until
they can disinfect their computer.
Consequently I became more diligent in trying to track the worm, and I
found its identity:
W32.Badtrans.B@mm
Information on the worm is on the web at:
http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html
http://vil.mcafee.com/dispVirus.asp?virus_k=99069&
The message text of each worm is consistent and contains the text in the
body of the message: audio/X-WAV, attached text. The worm also modifies
the sender's e-mail address. In today's two messages, the worm added "_"
at the beginning of the subscriber's e-mail address. An actual example of
the message is attached below:
>From _name@food.teithe.gr Sun Dec 2 19:02:11 2001
Date: Sat, 1 Dec 2001 08:29:05 +0200 (EET)
From: name <_name@food.teithe.gr>
To: pdtom@ucdavis.edu
Subject: Re: IFT Annual Meeting Information on the Website
[ Part 2, Audio/X-WAV 39KB. ]
[ Unable to print this part. ]
[ Part 3: "Attached Text" ]
NOTE TO SEAFOOD HACCP MAILING LIST SUBSCRIBERS, the University of
California's computer folks are meeting December 13, 2001 to discuss
firewall options in preventing the transimission of viruses via mailing
lists. The computer folks estimate that the software will cost about
$80,000 to purchase. I informed the computer folks of my endorsement for
anti virus protection for the mailing list and that the viral damage
resulting in countless work hours lost are far greater than the cost of
the software. Hopefully in mid-December I'll have some positive news to
share about UCD and its firewall policy. (Currently, there is no
firewall. However, over Thanksgiving weekend, there were numerous viruses
that affected other systems on campus. This mailing list and the
SeafoodNIC were spared.)
--------------------------------------------------------------
This is the Seafood HACCP Discussion Group. Information is
available on the web at:
http://seafood.ucdavis.edu/listserv/Listserv.htm
For inquiries on subscribing to the list, e-mail: pdtom@ucdavis.edu
To subscribe, e-mail listproc@ucdavis.edu with the message:
subscribe seafood [your first name] [your last name]
To unsubscribe, e-mmail listproc@ucdavis.edu with the message:
unsubscribe seafood
Files from the seafood HACCP listserv are now archived at:
http://listproc.ucdavis.edu/archives/seafood/
--------------------------------------------------------------
======================================================================
Pamela Tom, Program Representative - Sea Grant Extension Program
Web: http://seafood.ucdavis.edu - Seafood Network Information Center
Mailing Address: Food Science & Technology Dept.
University of California
One Shields Avenue
Davis, CA 95616-8598 USA
This archive was generated by hypermail 2b29 : Sun Dec 02 2001 - 19:54:01 PST