TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_BADTRANS.B
Overview
Solution

Malware type: Worm

Aliases: Email-Worm.Win32.BadtransII (Kaspersky), Exploit-MIME.gen.exe (McAfee), W32.Badtrans@mm.enc (Symantec), Worm:Win32/Badtrans.B@mm (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, 2000, NT, ME, XP

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 High

Description: 
This memory-resident Internet worm is a variant of WORM_BADTRANS.A. It propagates via MAPI32, has a Key Logger component, and arrives with randomly selected double-extension filenames.

It does not require the email receiver to open the attachment for it to execute. It uses a known vulnerability in Internet Explorer-based email clients (Microsoft Outlook and Microsoft Outlook Express) to automatically execute. This is also known as Automatic Execution of Embedded MIME type.

For additional information about this threat, see:
Solution
Technical Details

Description created: Nov. 24, 2001 3:38:46 PM GMT -0800
Description updated: Dec. 5, 2001 1:50:00 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.