find us on facebook!

Emex 3

High Speed Verifier
Mailing List Wizard

Outlook Extractors
IMAP Extractors
  

Badtrans E-mail Worm On The Rise


November 27, 2001

Just like a bad penny that always seems to turn up, an e-mail worm that is distributed via e-mail to Microsoft Outlook users is rearing its ugly head again.

Anti-virus experts at McAfee.com (NASDAQ:MCAF) Monday say they have been receiving widespread reports of the Badtrans Internet worm from home users and small businesses.

Home users sending holiday e-mail to family and friends may be at greater risk, since the e-mail uses the sender's familiar return address and includes attachments with names such as "Pics," "News," "Cards" and "Images" to distribute its payload.

The message body may contain the text:

Take a look to the attachment.

The payload contains a "backdoor trojan" which provides hackers access to an infected computer and a "keylogger" program which can capture and store personal data, such as credit card numbers and passwords. The IP address of infected computers is e-mailed back to the virus author.

The virus is more annoying than destructive, but does e-mail itself to addresses in your e-mail address book. And since there has been a large spike in reports, the Sunnyvale, Calif.-based company's AVERT team is raising the risk assessment of the virus to Medium On Watch.

We first discovered this variant in Europe on Friday but since people have been coming back to the office from the four-day weekend we have seen this worm spread very quickly," says McAfee.com virus researcher April Goostree.

Goostree says this is the "B" variant of the Internet worm, W32/Badtrans@MM, which was originally discovered back in April.

This worm utilizes MAPI messaging to mail itself to regular e-mail correspondence. It will arrive as an attachment that is 13,312 bytes in length and uses one of the following names:

Card.pif
docs.scr
fun.pif
hamster.ZIP.scr
Humor.TXT.pif
images.pif
New_Napster_Site.DOC.scr
news_doc.scr
Me_nude.AVI.pif
Pics.ZIP.scr
README.TXT.pif
s3msong.MP3.pif
searchURL.scr
SETUP.pif
Sorry_about_yesterday.DOC.pif
YOU_are_FAT!.TXT.pif

The company says some of these filenames are also associated with other threats, such as W95/MTX.gen@M.

McAfee.com anti-virus experts recommend that computer users update their anti-virus applications and services frequently to prevent infection from the Badtrans worm and other digital threats.

Source: http://siliconvalley.internet.com/

By Michael Singer

«

 
(c) EMMA Labs, 2024 | No Spam Policy