News

Variant Gives Badtrans Another Run

A variant on April's Badtrans worm-trojan combination kept IT administrators hopping in the last week of November.

Reports began coming in as early as Saturday, Nov. 24 that a Badtrans.B was in the wild.

Symantec Security Response on Nov. 26 raised its threat assessment on Badtrans.B from Level 3 to Level 4 due to its high distribution in the wild. Symantec, however, noted that Badtrans.B does relatively little damage. Badtrans.B performs a mass mailing and installs a keystroke-logging trojan.

Central Command raised its virus alert status to high Nov. 27. By the end of the month, Badtrans had accounted for half of Central Command's virus inquiries for all of November.

Microsoft Corp. responded on the Nov. 26 by posting information about the worm on its security site, in which it noted that Badtrans.B exploits a vulnerability that Redmond had patched way back in March before the first Badtrans came out.

"Unfortunately, this is a case of a known vulnerability still being successfully used today," said Steven Sundermeier, product manager at Central Command.

The worm follows a trend among virus writers in removing as much user intervention as possible, Sundermeier notes. The security hole in Internet Explorer 5.01 SP1 and 5.5 SP1 that Badtrans.B exploits allows for execution of e-mail attachments when an Outlook user simply views or previews a message.

The original Badtrans was one of the more significant security problems of 2001. Sophos Inc. compiled an early list of the 10 most common viruses of 2001 last week, and Badtrans already rated ninth place.

Microsoft rates the vulnerability as a moderate security risk.

The Microsoft patch can be found at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Shifting Away from Office 365 Brand Name in April

    Microsoft on Monday announced coming product naming changes, where "Office 365" is mostly getting replaced by the "Microsoft 365" brand.

  • Microsoft Grows Services Amid COVID-19

    Microsoft in a Saturday announcement recapped how its services have been affected by "shelter-in-place" governmental mandates in the last week, providing details on growth stats and prioritizations.

  • Microsoft Adds 6 More Months to Expiring Certification Programs

    Microsoft has announced an extension to the end date of three certification programs slated for retirement.

  • Microsoft's Surface Pro X: It's Like the Surface RT, But Better

    There's a lot about the Surface Pro X that's reminiscent of the ill-fated Surface RT. But despite the similarities, this might just be one of the rare cases where the sequel is better than the original.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.