News

Variant Gives Badtrans Another Run

A variant on April's Badtrans worm-trojan combination kept IT administrators hopping in the last week of November.

Reports began coming in as early as Saturday, Nov. 24, that Badtrans.B was in the wild.

Symantec Security Response on Nov. 26 raised its threat assessment on Badtrans.B from Level 3 to Level 4 due to its high distribution in the wild. Symantec, however, noted that Badtrans.B does relatively little damage. Badtrans.B performs a mass mailing and installs a keystroke-logging trojan.

Central Command raised its virus alert status to high Nov. 27. By the end of the month, Badtrans had accounted for half of Central Command's virus inquiries for all of November.

Microsoft Corp. responded on Nov. 26 by posting information about the worm on its security site, in which it noted that Badtrans.B exploits a vulnerability that Redmond had patched way back in March, before the first Badtrans came out.

"Unfortunately, this is a case of a known vulnerability still being successfully used today," said Steven Sundermeier, product manager at Central Command.

The worm follows a trend among virus writers in removing as much user intervention as possible, Sundermeier notes. The security hole in Internet Explorer 5.01 SP1 and 5.5 SP1 that Badtrans.B exploits allows for execution of e-mail attachments when an Outlook user simply views or previews a message.

The original Badtrans was one of the more significant security problems of 2001. Sophos Inc. compiled an early list of the 10 most common viruses of 2001 last week, and Badtrans already rated ninth place.

Microsoft rates the vulnerability as a moderate security risk.

The Microsoft patch can be found at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
