Virus Alert: W32/BadTrans Worm Spreading

Over the weekend, home e-mail users have reported the spread of a new e-mail worm that targets vulnerabilities in Microsoft Outlook and Outlook Express to send itself as a reply to unanswered e-mail in the user's inbox.

According to user reports and virus resource sites, W32/BadTrans arrives with a message subject heading beginning with "Re:" - and often nothing else. The e-mail carries an attachment whose filename is variable and has two extensions; however, Windows may hide the existence of the second file extension from the user. Note that the virus can activate itself when the e-mail is viewed; turning off the Preview window option can help.

With the virus spreading over the weekend, CERT advised commercial e-mail system managers to block all e-mail bearing attachments with the extensions .scr and .pif. Home users should not open any e-mail that has an attachment in which the second extension is .pif or .scr. Any e-mail that has such an attachment should be deleted.
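The attachment rule described above can be expressed as a small mail-filter check. This is an added example in Python, not code from CERT or the original article; the function names, sample filenames and addresses are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# The two extensions the advisory says to block.
BLOCKED_EXTENSIONS = {".scr", ".pif"}


def blocked_attachments(raw_message: bytes):
    """Return [(filename, has_double_extension)] for attachments to block."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # None for parts that carry no filename
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so strip them before
        # looking at the extension; compare case-insensitively.
        cleaned = name.strip().rstrip(". ").lower()
        suffixes = PurePosixPath(cleaned).suffixes
        # Decide on the final extension, the one Windows may hide.
        if suffixes and suffixes[-1] in BLOCKED_EXTENSIONS:
            hits.append((name, len(suffixes) >= 2))
    return hits


def sample_message(filename: str) -> bytes:
    """Build a constructed test message with one attachment."""
    m = EmailMessage()
    m["Subject"] = "Re:"
    m["From"] = "sender@example.com"   # constructed address
    m["To"] = "user@example.com"       # constructed address
    m.set_content("constructed body")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for fn in ("README.TXT.pif", "setup.scr", "notes.txt"):
        print(fn, blocked_attachments(sample_message(fn)))
```

The check keys on the last extension only, so a file named with a harmless-looking first extension is still caught, while a file whose final extension is not .pif or .scr passes.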

If activated, W32/BadTrans downloads an executable file, "Kernel32.exe", to the Windows directory and two other files to the Windows/System directory: "kdll.dll" and "cp_25389.nls". Kdll.dll includes a routine to record keystrokes and cached passwords from the infected computer into the "cp_25389.nls" file in encrypted form. The keystroke file is then mailed to one of several e-mail addresses.

The program also sets a registry key that will need to be removed. The process for complete removal of the virus and the registry key is explained at the Symantec Security Response Center. A tool for removing the virus is also provided at this site.
