Virus Alert: W32/BadTrans Worm Spreading

Over the weekend, home e-mail users have reported the spread of a new e-mail worm that targets vulnerabilities in Microsoft Outlook and Outlook Express to send itself to unanswered e-mail in the user's inbox.

According to user reports and virus resource sites, W32/BadTrans arrives with a message subject heading beginning with "Re:" - and often nothing else. The e-mail carries an attachment with two variable filename attachments; however, Windows may hide the existence of the second file extension from the user. Note that the virus can activate itself when the e-mail is viewed; turning off the Preview window option can help.

With the virus spreading over the weekend, CERT advised commercial e-mail system managers to block all e-mail bearing attachments with the extensions .scr and .pif. Home users should not open any e-mail that has an attachment in which the second extension is .pif or .scr. Any e-mail that has such an attachment should be deleted.

If activated, W32/BadTrans downloads an executable file, "Kernel32.exe" to the Windows directory and two other files to the Windows/System directory: "kdll.dll" and "cp_25389.nls". Kdll.dll includes a routine to record keystrokes and cached passwords from the infected computer into the "cp_25389.nls" file in encrypted form. The keystroke file is then mailed to one of several e-mail addresses.

The program also sets a registry key that will need to be removed. The process for complete removal of the virus and the registry key is explained at the Symantec Security Response Center. A tool for removing the virus is also provided at this site.

You may like these other stories...

In the old days, we used to tape down receipts from our travels and submit them to accounts payable. But that was before remote employees who may live in a different city from the home office. And of course, there's all...
In 2011, electrical services and technology provider Parsons Electric in Minneapolis, Minn., decided to take its accounting to the cloud. Monica Ross, the company's director of strategic projects, talked with AWEB about...
Event Date: July 24, 2014, 2 pm ET In this presentation Excel expert David Ringstrom, CPA revisits the Excel feature you should be using, but probably aren't. The Table feature offers the ability to both boost the...

Upcoming CPE Webinars

Jul 16
Hand off work to others with finesse and success. Kristen Rampe, CPA will share how to ensure delegated work is properly handled from start to finish in this content-rich one hour webinar.
Jul 17
This webcast will cover the preparation of the statement of cash flows and focus on accounting and disclosure policies for other important issues described below.
Jul 23
We can’t deny a great divide exists between the expectations and workplace needs of Baby Boomers and Millennials. To create thriving organizational performance, we need to shift the way in which we groom future leaders.
Jul 24
In this presentation Excel expert David Ringstrom, CPA revisits the Excel feature you should be using, but probably aren't. The Table feature offers the ability to both boost the integrity of your spreadsheets, but reduce maintenance as well.