Badtrans worm carries a password-stealing Trojan

Opening this mass-mailing worm's attachment could leave you stranded in an email traffic jam.

Badtrans is an Internet worm that sends copies of itself by replying to all unread email found on the infected computer. Badtrans also carries a password-stealing Trojan horse. Although Badtrans does not damage the individual computers it infects, it may increase traffic on email servers to excessive levels, forcing them to shut down. Reports of Badtrans are increasing slowly worldwide, and several antivirus software vendors have issued alerts.

How it works
Badtrans arrives as an email, usually carrying a subject line in response to an email you have previously sent.

Subject: (anything)

Body: "Take a look to the attachment".

Attachment: Badtrans randomly chooses from one of the following file names:


    Pics.ZIP.scr
    images.pif
    README.TXT.pif
    New_Napster_Site.DOC.scr
    news_doc.scr
    hamster.ZIP.scr
    YOU_are_FAT!.TXT.pif
    searchURL.scr
    SETUP.pif
    Card.pif
    Me_nude.AVI.pif
    Sorry_about_yesterday.DOC.pif
    s3msong.MP3.pif
    docs.scr
    Humor.TXT.pif
    fun.pif

If one of the above files is opened, Badtrans displays this message:


    "File data corrupt probably due to bad data transmission or bad disk access."

Badtrans then copies itself to the Windows directory under the name IDETD.EXE and adds this file name to the Win.ini file so that the file runs each time the computer restarts.

Badtrans also drops a password-stealing Trojan horse, Keylog-C, into the Windows system directory. Keylog attempts to send information such as operating system details and personal passwords via the Internet back to the Trojan author. Kern32.exe, the main file of this Trojan, is added to the Win.ini file so that it will launch each time the computer is restarted.
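
The attachment names and dropped file names described above can be turned into two simple checks, one for a mail filter and one for an infected machine's Win.ini. This is an added example, not code from the article or from any antivirus vendor; the function names, the sample Win.ini fragment and the assumption that the autostart entry sits under the standard load=/run= keys of the [windows] section are the example's own.

```python
# Indicators below are copied from the article; sample inputs are constructed.
BADTRANS_ATTACHMENTS = {
    "pics.zip.scr", "images.pif", "readme.txt.pif", "new_napster_site.doc.scr",
    "news_doc.scr", "hamster.zip.scr", "you_are_fat!.txt.pif", "searchurl.scr",
    "setup.pif", "card.pif", "me_nude.avi.pif", "sorry_about_yesterday.doc.pif",
    "s3msong.mp3.pif", "docs.scr", "humor.txt.pif", "fun.pif",
}
DROPPED_FILES = {"idetd.exe", "kern32.exe"}
RISKY_EXTENSIONS = (".scr", ".pif")  # executable on Windows despite the decoy name

def classify_attachment(filename):
    """Return 'known' for a listed Badtrans name, 'risky' for any .scr/.pif, else 'ok'."""
    name = filename.strip().lower()
    if name in BADTRANS_ATTACHMENTS:
        return "known"
    return "risky" if name.endswith(RISKY_EXTENSIONS) else "ok"

def find_persistence(win_ini_text):
    """Return (key, entry) pairs in [windows] load=/run= that name a dropped file.
    Assumption: the autostart entry uses the standard load=/run= keys."""
    hits, section = [], ""
    for raw in win_ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "windows" or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() not in ("load", "run"):
            continue
        for entry in value.replace(",", " ").split():
            basename = entry.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if basename in DROPPED_FILES:
                hits.append((key.lower(), entry))
    return hits

# Constructed Win.ini fragment for demonstration (paths are illustrative).
SAMPLE_WIN_INI = """[windows]
load=
run=C:\\WINDOWS\\IDETD.EXE C:\\WINDOWS\\SYSTEM\\kern32.exe
NullPort=None
[Desktop]
Wallpaper=(None)
"""

if __name__ == "__main__":
    for name in ("Me_nude.AVI.pif", "invoice.PDF.scr", "report.txt"):
        print(name, "->", classify_attachment(name))
    for key, entry in find_persistence(SAMPLE_WIN_INI):
        print("Win.ini", key + "=", "references", entry)
```

The extension check also flags .scr and .pif attachments whose names are not on the article's list, since both extensions run as programs regardless of the document-style name placed in front of them.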
