find us on facebook!

Badtrans E-mail Worm On The Rise

November 27, 2001

Just like a bad penny that always seems to turn up, an e-mail worm that is distributed via e-mail to Microsoft Outlook users is rearing its ugly head again.

Anti-virus experts at (NASDAQ:MCAF) Monday say they have been receiving widespread reports of the Badtrans Internet worm from home users and small businesses.

Home users sending holiday e-mail to family and friends may be at greater risk, since the e-mail uses the sender's familiar return address and includes attachments with names such as "Pics," "News," "Cards" and "Images" to distribute its payload.

The message body may contain the text:

Take a look to the attachment.

The payload contains a "backdoor trojan" which provides hackers access to an infected computer and a "keylogger" program which can capture and store personal data, such as credit card numbers and passwords. The IP address of infected computers is e-mailed back to the virus author.

The virus is more annoying than destructive, but does e-mail itself to addresses in your e-mail address book. And since there has been a large spike in reports, the Sunnyvale, Calif.-based company's AVERT team is raising the risk assessment of the virus to Medium On Watch.

We first discovered this variant in Europe on Friday but since people have been coming back to the office from the four-day weekend we have seen this worm spread very quickly," says virus researcher April Goostree.

Goostree says this is the "B" variant of the Internet worm, W32/Badtrans@MM, which was originally discovered back in April.

This worm utilizes MAPI messaging to mail itself to regular e-mail correspondence. It will arrive as an attachment that is 13,312 bytes in length and uses one of the following names:


The company says some of these filenames are also associated with other threats, such as W95/MTX.gen@M. anti-virus experts recommend that computer users update their anti-virus applications and services frequently to prevent infection from the Badtrans worm and other digital threats.


By Michael Singer


(c) EMMA Labs, 2024 | No Spam Policy