BBC NEWS Americas Africa Europe Middle East South Asia Asia Pacific Arabic Spanish Russian Chinese Welsh

 You are in: Sci/Tech
Front Page 
UK Politics 
Talking Point 
In Depth 

Commonwealth Games 2002

BBC Sport

BBC Weather

Tuesday, 27 November, 2001, 12:14 GMT
BadTrans computer virus strikes
Be careful whatyou type, Badtrans could be watching
Be careful whatyou type, Badtrans could be watching
A sneaky Windows computer virus is circulating that tries to install software that monitors what users are typing and passes it to the malicious program's creator.

Like many of the other computer viruses that have struck in recent months, BadTrans-B attempts to spread by exploiting weaknesses in Microsoft e-mail programs.

One anti-virus company has caught over 20,000 copies of the virus in the last 24 hours.

The UK, Germany and US are the countries most seriously infected by the virus.

Old holes

The BadTrans-B virus is spreading swiftly because, unlike many other e-mail viruses, the pernicious payload that helps it raid Microsoft Outlook address books does not have to be clicked on to set it off.

Simply previewing the item could cause infection. The loophole the virus exploits was first discovered in early 2001.

Badtrans-B file names
"It's baffling to find that even though Microsoft secured that hole eight months ago, many users have still not applied the patch," said Graham Cluley of anti-virus firm Sophos.

When the virus mails itself to the contacts in the address books it raids, the virus uses a subject line from an existing message to make it appear to be a legitimate reply.

The virus also regularly swaps the name of the attachment travelling with it, in an attempt to conceal its pernicious payload.

BadTrans-B is a variant of the original BadTrans virus that was first discovered in April.

BT Openworld error

As well as raiding Outlook and Outlook Express address books, the virus also tries to implant a hidden program that tries to send an identifying net address to the author of the virus.

The hidden program also monitors what users are typing and the information it tracks could be used by a malicious hacker to steal credit card information or passwords for websites.

Britain seems to have been hit hard by the BadTrans-B Windows virus. Anti-virus firm Message Labs, which logs the numbers of pernicious programs it traps, has caught over 21,000 copies of BadTrans-B in the last 24 hours. Over 50% of these originated in Britain.

The spread of the virus was inadvertently helped by BT Openworld, which accidentally e-mailed a copy of the virus to its customers.

See also:

24 Jul 01 | Sci/Tech
Sircam virus steals files
25 Sep 01 | Sci/Tech
Virus exploits terror attacks
02 Aug 01 | Sci/Tech
Code Red 'was never a threat'
24 Aug 00 | Sci/Tech
'Trojans' open online accounts
14 Aug 01 | Europe
Azeris grapple with alphabet soup
13 Sep 00 | Sci/Tech
Computer filth exposed
Internet links:

The BBC is not responsible for the content of external internet sites

Links to more Sci/Tech stories are at the foot of the page.

E-mail this story to a friend

Links to more Sci/Tech stories