Skip to main content /TECH with IDG.net
CNN.com /TECH
MAIN PAGE
WORLD
U.S.
WEATHER
BUSINESS
SPORTS
POLITICS
LAW
SCI-TECH
SPACE
HEALTH
ENTERTAINMENT
TRAVEL
EDUCATION
IN-DEPTH

VIDEO
LOCAL
CNN NEWSWATCH
E-MAIL SERVICES
CNNtoGO
ABOUT US/HELP

CNN TV
what's on
show transcripts
CNN Headline News
CNN International
askCNN

EDITIONS
CNN.com Asia
CNN.com Europe
CNNenEspanol.com
CNNArabic.com
set your edition





'Badtrans' worm picks up speed

By Daniel Sieberg
CNN Sci-Tech

(CNN) -- An Internet worm that leaves a backdoor for hackers and allows them to record keystrokes spread rapidly Monday, officials of several antivirus companies said.

The worm, called "Badtrans.b," is a variant of an earlier identified worm and sends itself out through versions of Microsoft's Outlook and Outlook Express e-mail programs.

It was reported to have infected thousands of computers in the United States and Europe by late afternoon on Monday and was continuing to propagate. To date, security firm MessageLabs said it has captured more than 13,000 copies of the worm.

"The fact that this worm can log private details through key strokes has huge implications for personal and corporate confidentiality and underlines the recent advances in virus writing techniques," said Andy Faris, president of MessageLabs Americas.

Faris said home users are the most susceptible to Badtrans since most corporations can stop it at the Internet gateway.

What troubles security experts most is that if users are viewing e-mail in the preview pane of Outlook, the worm can be spawned without even clicking on an attachment. Double-clicking on the attachment will also launch it.

"It's certainly not on the scale of 'Love Letter' or even 'Sircam.' But the way it exploded over the last two days, it's certainly in the Top 5 Internet worms for this year," said April Goostree, virus research manager at antivirus firm McAfee.

Once Badtrans is launched, it begins distributing files on the infected user's machine and installs the backdoor program, giving a potential hacker remote access. The damaging payload also drops a "keylogger" program that records everything a person types -- a means to steal credit card information and passwords.

Goostree said the keystroke data was being sent to a Web site that has subsequently been shut down. She said it was unclear how many people may have had access to it, and she was also not aware of any reports of people's information being stolen to date.

Social engineering

The social engineering of Badtrans is equally nefarious: It arrives in the recipient's in-box with a "Re:" subject line that appears to be a response to an e-mail actually sent by the user.

It then sends itself out to all unread messages in a person's inbox. This e-mailing process will not begin until the computer has been rebooted, Goostree said.

A variety of extensions may appear on the attachment, such as .zip, .doc and .mp3.

According to technicians at antivirus company Symantec, the list of possible attachment file names can include:

• Humor
• docs
• s3msong
• Me_nude
• Card
• SearchURL
• YOU_are_FAT!
• news_doc
• images
• smPics

"It really hit over our Thanksgiving weekend," said Sharon Ruckman, senior director of Symantec's security response team. "We saw instances of this in Europe on Saturday."

Ruckman said that because of the high number of submissions on Monday, Symantec has increased its threat-ranking of the worm from 3 to 4, out of a possible 5.

"People need to make sure the security patches on their computer are updated and they have the latest antivirus software," said Ruckman.



 
 
 
 


RELATED STORIES:
• Record year for security breaks expected
November 26, 2001
• 'Badtrans' worm leaves backdoors, logs data
November 26, 2001
• Instant-messaging tool for hackers poses a threat
November 26, 2001
• New 'Nimda' variant hits Net, users urged to patch
November 1, 2001
• Nimda needs harsh disinfectant
September 26, 2001
• Companies examine cyber-security
September 21, 2001
• Viruses are getting faster, tougher
September 20, 2001

RELATED SITES:
• Patch from Microsoft site
• MessageLabs
• Symantec
• McAfee

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

TECHNOLOGY TOP STORIES:
• Report: SUVs pose danger to cars
• New telemarketer tool trumps TeleZapper
• Terra Lycos logs $2.2B loss
• AOL to offer song downloads
• Microsoft seeks fiscal fountain of youth

(More)

 Search   

Back to the top
© 2003 Cable News Network LP, LLLP.
A Time Warner Company. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines. Contact us.