Cyclone BadTrans heading for New Zealand

New Zealand users are battening down the hatches for the next wave of viral attacks, this time in the form of the BadTrans virus.

The twist this time is that the payload doesn't need a user to launch it for it to infect a machine running Outlook Express 5. Users who have the preview pane open will find that the worm exploits a flaw in OE 5 that automatically launches the attachment.

Microsoft has released a patch for the flaw, which can be found here.

While the virus itself is relatively easy to spot (it has no subject line or text, just an attachment), the payload itself is quite vicious. The worm doesn't use the Outlook address book to replicate itself, instead going after the user's unopened email and sending itself to any names found in that list. The worm also breaches the infected PC's security by planting a keystroke logging application on the PC. When users open a window that contains words related to security, such as password, login, terminal and so on, the logger starts recording the keystrokes typed by the user. Once the application has stored a certain number of keystrokes, it emails the passwords, PINs and the like to one of a number of free email addresses.
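The traits described above (no subject line, no text, just an attachment) can be turned into a simple mail-gateway heuristic. The following is an added example, not part of the original article and not any vendor's signature; the function name, the template and the sample messages are constructed for illustration.

```python
from email import message_from_string

def looks_like_described_worm(raw: str) -> bool:
    """True if the message has no subject, no readable text and an attachment."""
    msg = message_from_string(raw)
    if (msg.get("Subject") or "").strip():
        return False                      # a subject line is present
    has_attachment = False
    for part in msg.walk():
        if part.is_multipart():
            continue                      # container part, nothing to inspect
        if part.get_filename():
            has_attachment = True         # named part counts as an attachment
            continue
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            if payload.strip():
                return False              # the message carries body text
    return has_attachment

# Constructed sample message; addresses, boundary and file name are made up.
TEMPLATE = """\
From: sender@example.test
To: rcpt@example.test
{subject}MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b0"

--b0
Content-Type: text/plain

{body}
--b0
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="sample.bin"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQ=
--b0--
"""

if __name__ == "__main__":
    suspect = TEMPLATE.format(subject="", body="")
    normal = TEMPLATE.format(subject="Subject: Report\n", body="See attached.")
    print("suspect:", looks_like_described_worm(suspect))
    print("normal: ", looks_like_described_worm(normal))
```

A match is only a reason to quarantine the message for scanning; legitimate mail can also arrive with an empty subject and body.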

While the virus is causing mayhem around the world, New Zealand users are yet to feel the full brunt of it.

Traffic numbers across Xtra's network have not increased noticeably, according to Xtra spokesperson Matt Bostwick, although he says that could be a byproduct of the Xtra reporting cycle.

"At the moment we're not seeing a lot of traffic fluctuation. There is some but not a huge amount." Bostwick says that could well change in the next couple of days, but Xtra isn't experiencing any congestion on the network.

However, both Clear and Ihug are reporting a significant increase in the number of infected emails being seen on the network. Ihug director Tim Wood says the company has blocked between 900 and 1000 infected emails intended for customers using Ihug's i-Spy security product.

"I've got no idea how many went through to customers who aren't covered by it."

Clear's public affairs manager Ralph Little says Clear has seen an increase in overall activity with a threefold increase in traffic.

Anti-virus firm Symantec has released virus definitions for the worm, and country manager Richard Batchelar says he is getting a lot of feedback that says the incidence of it is on the rise.

"Yes, it's a nasty one all right."
