You're in: Panda Security > Home Users > security-info > overview
Active Scan. Scan your PC free
Download Cloud Antivirus Gratis

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Badtrans.B

Threat LevelHigh threatDamageSevereDistributionNot widespread
Common name:Badtrans.B
Technical name:W32/Badtrans.B.worm
Threat level:Medium
Alias:Badtrans.B,, I-Worm.Badtrans.B, Badtrans.B@MM, W32/Badtrans.B@MM
Type:Worm
Effects:  

It logs the keystrokes typed by the user in order to obtain confidential information about the user, such as passwords or usernames. It sends itself from the affected computer to all the senders of the email messages marked as unread.

Affected platforms:

Windows ME/98/95

Detection updated on:July 27, 2007
StatisticsNo
Proactive protection:
Yes, using TruPrevent Technologies
Repair utility:Panda QuickRemover
Family:Badtrans

Brief Description 

    

Badtrans.B is a worm that reaches computers in a file attached to an email message that appears to be a reply to a previously sent email.

The danger of Badtrans.B lies in the following features:

  • It is automatically activated when the email message is viewed through Outlook's Preview Pane. It does this by exploiting a vulnerability in Internet Explorer, which allows email attachments to be automatically run. This vulnerability exploit is known as Exploit/iFrame.
  • It has a high capacity to spread by camouflaging itself.
  • When Badtrans.B affects a computer, it replies to all the email messages marked as unread. By doing this, it tricks the recipients into believing that they have received a reply to a message that they have sent.
  • It obtains and exposes confidential user data by dropping a Trojan in the computer.

Visible Symptoms 

    

Badtrans.B is easy to recognize, as it reaches the computer in an email message with the following characteristics:

  • Sender: one of the following:
    "Anna"
    "JUDY"
    "Rita Tulliani"
    "Tina"
    "Kelly Andersen"
    "Andy"
    "Linda"
    "Mon S"
    "Joanna"
    "JESSICA BENAVIDES"
    "Administrator"
    "Admin"
    "Support"
    "Monika Prado"
    "Mary L. Adams" mary@c-com.net
  • Subject:
    Re: m
  • Attachments: it has a variable name and a double extension:
    Possible names:FUN, HUMOR, DOCS, INFO, SORRY_ABOUT_YESTERDAY, ME_NUDE, CARD, SETUP, STUFF, YOU_ARE_FAT!, HAMSTER, NEWS_DOC, NEW_NAPSTER_SITE, README, IMAGES, PICS.
    Possible first extensions: MP3, ZIP, DOC.
    Possible second extensions: PIF, SCR.
    For example: HUMOR.DOC.PIF or CARD.ZIP.SCR.