Virus alert


New Virus: Badtrans.B

This warning applies if you use Microsoft Outlook or Outlook Express.

There is a new Windows virus, called Badtrans.B, spreading rapidly through email (I have been hit three times in the past 24 hours).  The email subject of the infected message will be simply “Re:”.  The email body will be blank but the message will contain an attachment with a double extension: filenames will resemble Pics.zip.pif and Humor.mp3.scr.  When the message is opened, Outlook will launch the Internet Explorer (IE) parser to render the message.  IE versions 5.01 and 5.5 (but not 5.01SP2) contain an exploitable MIME bug allowing arbitrary code to be executed without prompting the user; this is the route of infection.

The virus has two main effects.  First, it will email infected messages, using its own MAPI code, to email addresses found in cached web pages.  Second (and more seriously) it will install a Trojan horse keystroke logger; the logger will be in effect when the title of the foreground window begins with ‘LOG’, ‘PAS’, ‘REM’, ‘CON’, ‘TER’, or ‘NET’ (for ‘logon’, ‘password’, ‘remote’, ‘connection’, ‘terminal’, ‘network’, etc.) and the keystroke log will be mailed to one of the creator’s (or creators’) email addresses.  The keystroke logging code is contained in %System%\Kdll.dll.
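
As an added example (not part of the original post), here is a mail-filter check in Python for the three message traits described above: a subject of exactly “Re:”, a blank body, and an attachment whose name carries a double extension such as .zip.pif or .mp3.scr. The function names, the extension set and the sample message are constructed for illustration.

```python
import email
from email import policy

# Final extensions the post names as executable (.pif, .scr); assumed set, extend locally.
EXECUTABLE_EXTS = {"pif", "scr"}

def double_extension(filename):
    """True for names like Pics.zip.pif: a decoy extension followed by an executable one."""
    parts = filename.strip().lower().rsplit(".", 2)
    return len(parts) == 3 and all(parts) and parts[2] in EXECUTABLE_EXTS

def badtrans_indicators(raw_bytes):
    """Return which of the post's message traits a raw RFC 822 message shows."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    if str(msg["Subject"] or "").strip() == "Re:":
        hits.append("subject-is-bare-Re")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is None or not body.get_content().strip():
        hits.append("blank-body")
    # walk() visits nested parts too, so the name is checked wherever it sits.
    for part in msg.walk():
        name = part.get_filename()
        if name and double_extension(name):
            hits.append("double-extension:" + name)
    return hits

# Constructed sample message (not a captured one); the attachment bytes are a placeholder.
SAMPLE = b"""\
From: sender@example.com
To: rcpt@example.com
Subject: Re:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"


--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Pics.zip.pif"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQ=
--b1--
"""

if __name__ == "__main__":
    print(badtrans_indicators(SAMPLE))
```

A message showing all three traits together is the strongest signal; the double-extension check alone is still worth quarantining on, since the other two traits are common in legitimate mail.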
