MSN Hotmail Scan Fails To Detect Viruses - TechRepublic
General discussion
January 23, 2002 at 04:56 PM
glenb1

MSN Hotmail Scan Fails To Detect Viruses

by glenb1 . Updated 24 years, 3 months ago

Twice in the last three days I have had an email sent to my MSN Hotmail account with an attachment that MSN displays as a text file attachment at the bottom of the page. The headers display two attachments, however, with one being a PIF file. Without headers turned on (they are off by default), one would not know that there was actually two attachments.

Wait, it gets worse. When you click on the text file attachment, Hotmail takes you to a page where it reports that it has scanned the attachment (in this case, a file called “text5.txt”), and found no viruses. It presents you with a button that says “Download File”. Click on it and a dialog box comes up asking what you want to do with the file – download it or run the file from it’s current location. The name of the file you are downloading? No, it’s not called text5.txt anymore, it’s now being reported as “getmsg.com”. Suddenly, your text file attachment has turned into a self-running executable.

Have you guessed the ending to this story? The file, “getmsg.com”, is infected with a virus called “W32.Badtrans.B@mm”. W32/Badtrans-B is an email-aware worm which uses MAPI to spread. The worm forwards itself to addresses found on the infected computer as an email message with no message text. Norton Anti-Virus detected it as soon as tried to save the file to disk.

So why does MSN Hotmail, and McAfee anti-virus, the software Hotmail uses to scan attachments, fail to detect this virus? Why is the text file the only attachment listed outside of the headers, and why is it being reported as 0b (zero bytes), when it is actually a 40KB file with the virus encoded within it?

If you use Hotmail, beware!

This discussion is locked

All Comments