Virus alert
New Virus: Badtrans.B
This warning applies if you use Microsoft Outlook or Outlook Express.
There is a new Windows virus, called Badtrans.B, spreading rapidly through email (I have been hit three times in the past 24 hours.) The email subject of the infected message will be simply “Re:”. The email body will be blank but the message will contain an attachment with a double extension: filenames will resemble Pics.zip.pif and Humor.mp3.scr. When the message is opened, Outlook will launch the Internet Explorer (IE) parser to render the message. IE versions 5.01 and 5.5 (but not 5.01SP2) contain an exploitable MIME bug allowing arbitrary code to be executed without prompting the user; this is the route of infection.
The virus has two main effects. First, it will email infected messages, using its own MAPI code, to email addresses found in cached web pages. Second (and more seriously) it will install a Trojan horse keystroke logger; the logger will be in effect when the title of the foreground window begins with ‘LOG’, ‘PAS’, ‘REM’, ‘CON’, ‘TER’, or ‘NET’ (for ‘logon’, ‘password’, ‘remote’, ‘connection’, ‘terminal’, ‘network’, etc.) and the keystroke log will be mailed to one of the creator’s (or creators’) email addresses. The keystroke logging code is contained in %System%\Kdll.dll.
Email subscription
