You are here: silicon.com > Resources > White Papers > Silicon > White Papers

White Papers White Papers

W32/Badtrans-B (Sophos)

Tags:
file,
list,
message,
worm

Overview Date: Tue, 27 Nov 2001 13:14:17 (GMT)

Name: W32/Badtrans-B

Type: Win32 worm

At the time of publication of our initial alert (Sat, 24 Nov 2001 16:00:35 (GMT), Sophos had received just one report of this worm from the wild. Within a few days, Sophos has received many reports of this worm from the wild. Sophos has received a significant number of reports of users receiving an email-aware worm called W32/Badtrans-B.

Description: W32/Badtrans-B is a worm which uses MAPI to spread. The worm arrives in an email message with no message text. The attachment filename is randomly generated from three parts. The first part is taken from the list:

FUN
HUMOR
DOCS
S3MSONG
Sorry_about_yesterday
ME_NUDE
CARD
SETUP
SEARCHURL
YOU_ARE_FAT!
HAMSTER NEWS_DOC
New_Napster_Site
README
IMAGES
PICS

The second from the list:

.DOC.
.MP3.
.ZIP.

and the last from:

pif
scr

If the attached file is run, it copies itself into the Windows system directory with the filename KERNEL32.EXE and changes the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce so that the worm runs the next time Windows is started. The worm also drops a file named kdll.dll, which is the password stealing Trojan Troj/PWS-AV.

Further White Paper Details
Publisher	Sophos	File Format	HTML
Date Published	November 2001	Downloads	2
Format	White Papers
Topics	N/A

Did you find this white paper useful? 1 out of 2 users found this white paper useful

Accelerating Microsoft Windows Vista Migrations with Citrix XenApp

Publisher:
Citrix Systems

Delivering Information in Real Time

Publisher:
IBM

Green IT: Reducing your Carbon Footprint with Citrix

Publisher:
Citrix Systems

IDC reports on Novell's Secure Desktop Solution: A Modern-Day Marriage of Business Benefit and Risk Reduction

Publisher:
Novell

Security Beyond Corporate Boundaries: Using Citrix Application Delivery to Protect Corporate Information Anywhere Business Happens

Publisher:
Citrix Systems

Virus warning: Beware the Lovgate worm

Attachment file names may include: BILLGT.EXE, CARD.EXE, DOCS.EXE, FUN.EXE, HAMSTER.EXE, HUMOR.EXE, IMAGES.EXE, JOKE.EXE, MIDSONG.EXE, NEWS_DOC.EXE, PICS.EXE, PSPGAME.EXE, S3MSONG.EXE, SEARCHURL.EXE, SETUP.EXE, TAMAGOTXI.EXE.

Channel:
Security Strategy

AIM worm chats with intended victims

The holiday worm, dubbed Aimdes.E, targets AIM users and arrives with the message: "The user has sent you a Greeting Card, to open it visit:" followed by a link. When receiving a link in an instant message, the best practice is to verify with the...

Channel:
Malware
Tags:
aim,
chat,
worm,
computer worm

Worm Warning: Britney pics carry a nasty surprise

If it is found, the worm drops a file called SCRIPT.INI which will help it spread via IRC. The worm requires ActiveX to be enabled for the VBS script to run so it tries to get the user to enable it with a message: "Enable ActiveX To See Britny...

Channel:
Security Strategy

AIM worm exhibits new, nasty tactics

When receiving a link in an instant message, the best practice is to verify with the sender if the link was sent intentionally or not. The worm then spreads itself by sending messages to all names on the victim's contact list.

Channel:
Malware
Tags:
aim,
computer worm

Windows JPEG worm spreading over AOL IM

A worm that exploits the recently discovered JPEG vulnerability has been discovered spreading over AOL's Instant Messenger (IM). Experts at the SysAdmin Audit Network Security (SANS) Institute said that the worm is still in its infancy as it has...

Channel:
Malware

UK businesses warned of hybrid virus

Attached file: Randomly named with extension .PIF, .SCR, .EXE or .BAT. The message text is randomly composed by the worm but the message can also be without a text. The worm carries a compressed copy of the W32/ElKern-B virus inside, which it...

Channel:
Security Strategy

Featured White Papers

IDC reports on Novell's Secure Desktop Solution: A Modern-Day Marriage of Business Benefit and Risk Reduction

This IDC whitepaper examines how companies are turning to integrated security solutions, such as Novell Secure Desktop Solution, to deal with the vulnerability of mobile assets and implement a comprehensive security strategy.

Publisher:
Novell

Green IT: Reducing your Carbon Footprint with Citrix

Going green has become an imperative, not an option, for companies facing the new reality of balancing business objectives with dwindling environmental resources. Read on to learn how Citrix products can help bring environmental and organizational objectives into alignment by alleviating the energy impact of equipment needed to serve both the datacenter and the desktop.

Publisher:
Citrix Systems

Identity and Security Management and Strong Information Technology Goverance

A total identity and access management (IAM) – driven goverance, risk and compliance (GRC) solution should ensure foolproof and accurate measurements of policies and practises across the enterprise. This IDC white paper examines identity and security management (ISM) solutions and how these integrated offerings can play a key role in enforcing security compliance.

Publisher:
Novell

Also on silicon.com

Site Navigation:

White Papers White Papers

W32/Badtrans-B (Sophos)

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific