November 28th, 2001 09:04 PM
'Badtrans' worm picks up speed
This is a resent report over the new worm thats spreading over the internet. the full story can be viewed here:
The worm, called "Badtrans.b," is a variant of an earlier identified worm and sends itself out through versions of Microsoft's Outlook and Outlook Express e-mail programs.
It was reported to have infected thousands of computers in the United States and Europe by late afternoon on Monday and was continuing to propagate. To date, security firm MessageLabs said it has captured more than 13,000 copies of the worm.
"The fact that this worm can log private details through key strokes has huge implications for personal and corporate confidentiality and underlines the recent advances in virus writing techniques," said Andy Faris, president of MessageLabs Americas.
Faris said home users are the most susceptible to Badtrans since most corporations can stop it at the Internet gateway.
What troubles security experts most is that if users are viewing e-mail in the preview pane of Outlook, the worm can be spawned without even clicking on an attachment. Double-clicking on the attachment will also launch it.
"It's certainly not on the scale of 'Love Letter' or even 'Sircam.' But the way it exploded over the last two days, it's certainly in the Top 5 Internet worms for this year," said April Goostree, virus research manager at antivirus firm McAfee.
Once Badtrans is launched, it begins distributing files on the infected user's machine and installs the backdoor program, giving a potential hacker remote access. The damaging payload also drops a "keylogger" program that records everything a person types -- a means to steal credit card information and passwords.
Goostree said the keystroke data was being sent to a Web site that has subsequently been shut down. She said it was unclear how many people may have had access to it, and she was also not aware of any reports of people's information being stolen to date.