Virus Alert: W32/BadTrans Worm Spreading

Over the weekend, home e-mail users have reported the spread of a new e-mail worm that targets vulnerabilities in Microsoft Outlook and Outlook Express to send itself in reply to unanswered e-mail in the user's inbox.

According to user reports and virus resource sites, W32/BadTrans arrives with a message subject line beginning with "Re:" and often nothing else. The e-mail carries an attachment with a variable filename and two file extensions; however, Windows may hide the second file extension from the user. Note that the virus can activate itself when the e-mail is viewed; turning off the Preview window option can help.

With the virus spreading over the weekend, CERT advised commercial e-mail system managers to block all e-mail bearing attachments with the extensions .scr and .pif. Home users should not open any e-mail that has an attachment in which the second extension is .pif or .scr. Any e-mail that has such an attachment should be deleted.
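A gateway-side check for the blocking rule above, as an added example that is not part of the original alert: it parses a message with Python's standard `email` module and flags any attachment whose final extension is .pif or .scr, noting when another extension precedes it. The function names, addresses and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

BLOCKED_EXTS = {".scr", ".pif"}  # the two extensions named in the advisory


def risky_attachments(raw_bytes):
    """Return (filename, reason) for each attachment a gateway should block."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and multipart containers carry no filename
        # Windows ignores trailing dots and spaces, so strip them before checking.
        cleaned = name.strip().rstrip(". ").lower()
        pieces = cleaned.split(".")
        if len(pieces) < 2:
            continue  # no extension at all
        if "." + pieces[-1] not in BLOCKED_EXTS:
            continue
        # Three or more pieces means an earlier extension masks the real one.
        reason = "double extension" if len(pieces) >= 3 else "blocked extension"
        findings.append((name, reason))
    return findings


def build_sample(filename):
    """Constructed test message: 'Re:' subject with one harmless attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "recipient@example.com"
    m["Subject"] = "Re:"
    m.set_content("constructed sample body")
    m.add_attachment(b"not a real payload", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for fn in ("notes.DOC.pif", "saver.scr", "report.pdf", "photo.jpg.SCR."):
        print(fn, "->", risky_attachments(build_sample(fn)))
```

The check keys on the last extension only, because that is the one Windows uses to decide how the file is run, regardless of what precedes it.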

If activated, W32/BadTrans downloads an executable file, "Kernel32.exe", to the Windows directory and two other files to the Windows/System directory: "kdll.dll" and "cp_25389.nls". Kdll.dll includes a routine that records keystrokes and cached passwords from the infected computer into the "cp_25389.nls" file in encrypted form. The keystroke file is then mailed to one of several e-mail addresses.

The program also sets a registry key that will need to be removed. The process for complete removal of the virus and the registry key is explained at the Symantec Security Response Center. A tool for removing the virus is also provided at this site.
