W32/Badtrans@MM - Disguised as Electronic Business Card or Screen Saver
BEAVERTON, Oregon, Nov. 26 /PRNewswire/ -- McAfee AVERT (Anti-Virus Emergency Response Team), a division of Network Associates, Inc. (Nasdaq: NETA), today assigned a MEDIUM ON WATCH risk assessment to the recently discovered "B" variant of the Internet worm, W32/Badtrans@MM.
Since its discovery on Friday evening by McAfee partner MessageLabs in the UK using the McAfee technology and MessageLabs' own Skeptic scanner, AVERT has confirmed a significant increase in reports of the Badtrans variant over the weekend. AVERT is reporting an increased number of infections and detections from the home-user market. McAfee corporate customers have been reporting great success in stopping the virus before it enters their environment.
Symptoms
W32/Badtrans@MM, also known as Badtrans or Badtrans.b, is a mass-mailing Internet worm that attempts to send itself using Microsoft Outlook by replying to unread e-mail messages. When executed, Badtrans also drops a remote access Trojan, or RAT, into the users Windows directory, which attempts to mail the victim's IP address to the author.
Subject: (Variable)
Body Text: (May contain). Take a look to the attachment
Attachment: (Variable). The worm will arrive as an attachment that is 13,312 bytes in length and takes on the form of one of the following examples:
S3MSONG.DOC.scr
Pics.DOC.scr
HUMOR.MP3.scr
Sorry_about_yesterday.MP3.pif
README.MP3.scr
ME_NUDE.MP3.scr
fun.MP3.pif
NEWS_DOC.DOC.scr
docs.DOC.pif
images.DOC.pif
HAMSTER.DOC.pif
SEARCHURL.MP3.pif
Cure
McAfee customers with the 4168 DATs or later are protected against Badtrans and the "B" Variant. Immediate information and cure for this virus can be found online at the McAfee AVERT site at http://vil.nai.com/vil/virusSummary.asp?virus_k=99069 . McAfee product users should update their systems from that page and use the 4.0.70 or later scanning engine to stop potential damage.
McAfee AVERT is one of the top-ranked anti-virus research organizations in the world, employing more than 90 researchers in offices on five continents. McAfee AVERT protects customers by providing cures that are developed through the combined efforts of McAfee AVERT researchers and McAfee AVERT AutoImmune technology, which applies advanced heuristics, generic detection, and active .dat technology to generate cures for previously undiscovered viruses.
With headquarters in Santa Clara, Calif., Network Associates, Inc. is a leading supplier of security and availability solutions for e-businesses. Network Associates is comprised of three product groups: McAfee, delivering world class anti-virus and security products; Sniffer, a leader in network availability and system security; and Magic Solutions, providing web-based service desk solutions. For more information, Network Associates can be reached at 972-308-9960 or on the Internet at http://www.nai.com/.
NOTE: Network Associates, McAfee, PGP, Sniffer, VirusScan, WebShield, NetShield, GroupShield, PrimeSupport, Enterprise SecureCast and Magic Solutions are registered trademarks of Network Associates, Inc. and/or its affiliates in the United States and/or other countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.
SOURCE: Network Associates Inc.
WEB SITE: http://www.nai.com/
CO: Network Associates Inc.; McAfee
ST: Oregon, California
This press release may not be redistributed without prior written approval by PR Newswire.