
Variant Gives Badtrans Another Run

A variant on April's Badtrans worm-trojan combination kept IT administrators hopping in the last week of November.

Reports that Badtrans.B was in the wild began coming in as early as Saturday, Nov. 24.

Symantec Security Response on Nov. 26 raised its threat assessment on Badtrans.B from Level 3 to Level 4 due to its high distribution in the wild. Symantec, however, noted that Badtrans.B does relatively little damage. Badtrans.B performs a mass mailing and installs a keystroke-logging trojan.

Central Command raised its virus alert status to high Nov. 27. By the end of the month, Badtrans had accounted for half of Central Command's virus inquiries for all of November.

Microsoft Corp. responded on Nov. 26 by posting information about the worm on its security site, noting that Badtrans.B exploits a vulnerability that Redmond had patched way back in March, before the first Badtrans came out.

"Unfortunately, this is a case of a known vulnerability still being successfully used today," said Steven Sundermeier, product manager at Central Command.

The worm follows a trend among virus writers in removing as much user intervention as possible, Sundermeier notes. The security hole in Internet Explorer 5.01 SP1 and 5.5 SP1 that Badtrans.B exploits allows for execution of e-mail attachments when an Outlook user simply views or previews a message.

The original Badtrans was one of the more significant security problems of 2001. Sophos Inc. compiled an early list of the 10 most common viruses of 2001 last week, and Badtrans already rated ninth place.

Microsoft rates the vulnerability as a moderate security risk.

The Microsoft patch can be found at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
