News

Variant Gives Badtrans Another Run

A variant on April's Badtrans worm-trojan combination kept IT administrators hopping in the last week of November.

Reports began coming in as early as Saturday, Nov. 24, that Badtrans.B was in the wild.

Symantec Security Response on Nov. 26 raised its threat assessment on Badtrans.B from Level 3 to Level 4 due to its high distribution in the wild. Symantec, however, noted that Badtrans.B does relatively little damage. Badtrans.B performs a mass mailing and installs a keystroke-logging trojan.

Central Command raised its virus alert status to high on Nov. 27. By the end of the month, Badtrans had accounted for half of Central Command's virus inquiries for all of November.

Microsoft Corp. responded on Nov. 26 by posting information about the worm on its security site, in which it noted that Badtrans.B exploits a vulnerability that Redmond had patched way back in March, before the first Badtrans came out.

"Unfortunately, this is a case of a known vulnerability still being successfully used today," said Steven Sundermeier, product manager at Central Command.

The worm follows a trend among virus writers in removing as much user intervention as possible, Sundermeier notes. The security hole in Internet Explorer 5.01 SP1 and 5.5 SP1 that Badtrans.B exploits allows for execution of e-mail attachments when an Outlook user simply views or previews a message.

The original Badtrans was one of the more significant security problems of 2001. Sophos Inc. compiled an early list of the 10 most common viruses of 2001 last week, and Badtrans already rated ninth place.

Microsoft rates the vulnerability as a moderate security risk.

The Microsoft patch can be found at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
