I got the following message from my server today and thought it was worth
passing on.
Dick - KS0M
Sent: Wednesday, November 28, 2001 10:37 AM
Subject: KTIS VIRUS ALERT: Email Worm BadTrans">
> PLEASE READ THE FOLLOWING IMPORTANT PRESS RELEASE...
>
> Helsinki, Finland, November 26, 2001 - F-Secure Corporation
> (HEX:FSC) is
> alerting computer users worldwide of an email worm called > BadTrans.B.
> According to F-Secure, this worm is spreading fast through email messages
and installs a spying Trojan component to steal information from infected
systems.
>
> The worm was spotted in Europe on Saturday, November 24. It is expected
to keep on spreading significantly faster than the average worms, because
on
many systems it is capable of executing automatically when an infected
email is read.
>
> Badtrans spreads via e-mail, by locating all unread messages from a
systems e-mail inbox and replying to them. The messages have no content,
and the subject field is typically just "RE: ". There is an attachment
file called WHATEVER.EXE, but on systems with Internet Explorer 5.01
installed, the user never sees the attachment before it is automatically
executed.
> Because of the US Thanksgiving holiday , many users have a higher than
usual number of unread mails in their in-box, making the worm spread even
more widely than
> would normally be the case.
>
> Badtrans drops a spying Trojan into infected systems. This Trojan, which
is detected as Trojan.PSW.Hooker, will monitor keyboard activity, log
system passwords and send them out via email. Otherwise the worm won't
> try to delete files or generate massive amounts of network traffic.
|