Virus Alert: W32/BadTrans Worm Spreading

Over the weekend, home e-mail users have reported the spread of a new e-mail worm that targets vulnerabilities in Microsoft Outlook and Outlook Express to send itself to unanswered e-mail in the user's inbox.

According to user reports and virus resource sites, W32/BadTrans arrives with a message subject heading beginning with "Re:" - and often nothing else. The e-mail carries an attachment with two variable filename attachments; however, Windows may hide the existence of the second file extension from the user. Note that the virus can activate itself when the e-mail is viewed; turning off the Preview window option can help.

With the virus spreading over the weekend, CERT advised commercial e-mail system managers to block all e-mail bearing attachments with the extensions .scr and .pif. Home users should not open any e-mail that has an attachment in which the second extension is .pif or .scr. Any e-mail that has such an attachment should be deleted.

If activated, W32/BadTrans downloads an executable file, "Kernel32.exe" to the Windows directory and two other files to the Windows/System directory: "kdll.dll" and "cp_25389.nls". Kdll.dll includes a routine to record keystrokes and cached passwords from the infected computer into the "cp_25389.nls" file in encrypted form. The keystroke file is then mailed to one of several e-mail addresses.

The program also sets a registry key that will need to be removed. The process for complete removal of the virus and the registry key is explained at the Symantec Security Response Center. A tool for removing the virus is also provided at this site.

You may like these other stories...

Regulatory compliance, risk management and cost-cutting are the big heartburn issues for finance execs in the C-suite. Yet financial planning and analysis—a key antacid—is insufficient.That's just one of the...
Continuing its efforts to simplify accounting procedures, the FASB has issued a proposed Accounting Standards Update on customer fees paid in a cloud computing arrangement. The newly-proposed update (Intangibles—...
How are you planning? What tools do you use (or fail to use) for forecasting? PlanGuru is a business budgeting, forecasting, and performance review software company based in White Plains, N.Y. AccountingWEB recently spoke...

Already a member? log in here.

Upcoming CPE Webinars

Sep 9
In this session we'll discuss the types of technologies and their uses in a small accounting firm office.
Sep 10
Transfer your knowledge and experience to prepare your team for the challenges and opportunities of an accounting career.
Sep 11
This webcast will include discussions of commonly-applicable Clarified Auditing Standards for audits of non-public, non-governmental entities.
Sep 24
In this jam-packed presentation Excel expert David Ringstrom, CPA will give you a crash-course in creating spreadsheet-based dashboards. A dashboard condenses large amounts of data into a compact space, yet enables the end user to easily drill down into details when warranted.