Badtrans E-mail Worm On The Rise
November 27, 2001
Just like a bad penny that always seems to turn up, a worm that is distributed via e-mail to Microsoft Outlook users is rearing its ugly head again.
Home users sending holiday e-mail to family and friends may be at greater risk, since the e-mail uses the sender's familiar return address and includes attachments with names such as "Pics," "News," "Cards" and "Images" to distribute its payload.
The message body may contain the text:
Take a look to the attachment.
The payload contains a "backdoor trojan" which provides hackers access to an infected computer and a "keylogger" program which can capture and store personal data, such as credit card numbers and passwords. The IP address of infected computers is e-mailed back to the virus author.
The virus is more annoying than destructive, but does e-mail itself to addresses in your e-mail address book. And since there has been a large spike in reports, the AVERT team at Sunnyvale, Calif.-based McAfee.com is raising the risk assessment of the virus to Medium On Watch.
"We first discovered this variant in Europe on Friday but since people have been coming back to the office from the four-day weekend we have seen this worm spread very quickly," says McAfee.com virus researcher April Goostree.
Goostree says this is the "B" variant of the Internet worm, W32/Badtrans@MM, which was originally discovered back in April.
This worm utilizes MAPI messaging to mail itself to regular e-mail correspondence. It will arrive as an attachment that is 13,312 bytes in length and uses one of the following names:
The company says some of these filenames are also associated with other threats, such as W95/MTX.gen@M.
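The indicators reported above (message text, attachment name and the 13,312-byte attachment size) can be combined into a mail-gateway triage check; the following is an added example, not code from McAfee.com or the original article. The function names, verdict labels, addresses and the ".bin" extension are assumptions made for illustration, and the sample messages are constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators stated in the article (the exact filename list is not given there).
NAME_STEMS = ("pics", "news", "cards", "images")
BODY_TEXT = "take a look to the attachment"
ATTACHMENT_SIZE = 13312  # bytes

def triage(raw: bytes):
    """Return (verdict, findings) for one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    body_hit = body is not None and BODY_TEXT in body.get_content().lower()
    verdict = "review" if body_hit else "pass"
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        name_hit = name.lower().startswith(NAME_STEMS)
        size_hit = len(data) == ATTACHMENT_SIZE
        # The names are shared with other threats, so a name alone only
        # warrants review; the exact size plus a second signal quarantines.
        if size_hit and (name_hit or body_hit):
            verdict = "quarantine"
        elif (name_hit or size_hit) and verdict == "pass":
            verdict = "review"
        findings.append((name, len(data), name_hit, size_hit))
    return verdict, findings

def build_sample(filename: str, size: int, body: str) -> bytes:
    """Constructed test message; addresses, extension and payload are made up."""
    m = EmailMessage()
    m["From"] = "friend@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Re: holiday photos"
    m.set_content(body)
    m.add_attachment(b"\x00" * size, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for args in [("Pics.bin", 13312, "Take a look to the attachment."),
                 ("News.bin", 2048, "See you at dinner."),
                 ("report.bin", 4096, "Minutes attached.")]:
        print(args[0], triage(build_sample(*args))[0])
```

The sender address is deliberately not used as a signal, since the worm mails itself from a familiar return address.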
McAfee.com anti-virus experts recommend that computer users update their anti-virus applications and services frequently to prevent infection from the Badtrans worm and other digital threats.