Badtrans could spell bad news

From today’s edition of the Globe and Mail:

http://www.globeandmail.com/servlet/RTGAMArticleHTMLTemplate/D/20011126/gtwormfr?hub=homeBN&tf=tgam%2Frealtime%2Ffullstory.html&cf=tgam/realtime/config-neutral&vg=BigAdVariableGenerator&slug=gtwormfr&date=20011126&archive=RTGAM&site=Front&ad_page_name=breakingnews

url fixed - UB
Or not. I give up. Try one of the two other links in this thread. Or C&P the one above.

[Edited by UncleBeer on 11-27-2001 at 03:19 PM]

Reuter’s news on Badtrans

Mods: Please delete first one.

url fixed - UB

[Edited by UncleBeer on 11-27-2001 at 03:11 PM]

Mods: Please delete second one:D.

For my next number, I’ll try a couple of snips.

(If not, I give up)

"Unlike previous worms that were designed to attack corporate e-mail servers, this one makes itself right at home on standalone home versions of Outlook.

Although it spreads like a worm, Badtrans acts much like a type of “trojan horse” virus that sprang up on the Net about a year ago. A trojan horse requires the user to click on an attachment to activate the virus, which isn’t necessary with Badtrans. But famous trojans such as BackOrifice and netBus also created an electronic “back door” to let hackers into the computer and installed a keytracker program just as the new worm does.

The Badtrans keystroke logger can be used to record what people type in order to obtain personal information, passwords and credit card numbers.

“A [keystroke logger] is an ideal thing for a hacker to use, because sooner or later you will type passwords that they can use to get access to other systems,” Mr. Reiner said. “This is something we saw with other types of viruses in the past, but it hasn’t been a feature of e-mail worms until now.”

Nice tries:D!

I just fielded a panicked call from a friend that had her mailbox fill up with failed-delivery notices, and helpful mail saying that email from her account had been found to contain BadtransB. The weird thing is, she isn’t infected, and doesn’t use Outlook. :confused: Does this worm fake return addresses? The closest I’ve heard to that is that it adds an underscore to the beginning of them. I don’t get it.
The Register has a good article with plenty of useful info and links.

Don’t use OE!!