Welcome to the Virus Encyclopedia of Panda Security.
Badtrans.B is a worm that reaches computers in a file attached to an email message that appears to be a reply to a previously sent email.
The danger of Badtrans.B lies in the following features:
- It is automatically activated when the email message is viewed through Outlook's Preview Pane. It does this by exploiting a vulnerability in Internet Explorer that allows email attachments to be run automatically. This exploit is known as Exploit/iFrame.
- It has a high capacity to spread by camouflaging itself.
- When Badtrans.B affects a computer, it replies to all the email messages marked as unread. By doing this, it tricks the recipients into believing that they have received a reply to a message that they have sent.
- It obtains and exposes confidential user data by dropping a Trojan in the computer.
Badtrans.B is easy to recognize, as it reaches the computer in an email message with the following characteristics:
- Sender: one of the following:
  "Rita Tulliani" <email@example.com>
  "Kelly Andersen" <Gravity49@aol.com>
  "Mon S" <firstname.lastname@example.org>
  "JESSICA BENAVIDES" <email@example.com>
  "Monika Prado" <firstname.lastname@example.org>
  "Mary L. Adams" <email@example.com>
- Attachments: it has a variable name and a double extension:
  Possible names: FUN, HUMOR, DOCS, INFO, SORRY_ABOUT_YESTERDAY, ME_NUDE, CARD, SETUP, STUFF, YOU_ARE_FAT!, HAMSTER, NEWS_DOC, NEW_NAPSTER_SITE, README, IMAGES, PICS.
  Possible first extensions: MP3, ZIP, DOC.
  Possible second extensions: PIF, SCR.
  For example: HUMOR.DOC.PIF or CARD.ZIP.SCR.
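The attachment naming scheme above can be checked at a mail gateway or during mailbox triage. The following is an added example, not Panda Security code: it flags attachments whose name matches the listed name, first extension and second extension, and it goes slightly beyond the listed names by also reporting any other attachment with a double extension ending in PIF or SCR. The function names, verdict strings and sample message are assumptions made for illustration.

```python
from email import message_from_string

# Names and extensions exactly as listed in the description above.
NAMES = {"FUN", "HUMOR", "DOCS", "INFO", "SORRY_ABOUT_YESTERDAY", "ME_NUDE",
         "CARD", "SETUP", "STUFF", "YOU_ARE_FAT!", "HAMSTER", "NEWS_DOC",
         "NEW_NAPSTER_SITE", "README", "IMAGES", "PICS"}
FIRST_EXT = {"MP3", "ZIP", "DOC"}
SECOND_EXT = {"PIF", "SCR"}

def classify_attachment(filename):
    """Return 'badtrans-pattern', 'executable-double-extension' or None."""
    parts = filename.strip().upper().rsplit(".", 2)
    if len(parts) != 3:
        return None                      # fewer than two extensions
    name, first, second = parts
    if second not in SECOND_EXT:
        return None                      # final extension is not PIF/SCR
    if first in FIRST_EXT and name in NAMES:
        return "badtrans-pattern"        # matches the listed scheme
    return "executable-double-extension" # generalization beyond the list

def scan_message(raw):
    """Return [(filename, verdict)] for each flagged attachment in a raw message."""
    hits = []
    for part in message_from_string(raw).walk():
        filename = part.get_filename() or ""
        verdict = classify_attachment(filename)
        if verdict:
            hits.append((filename, verdict))
    return hits

# Constructed sample message (not a real capture).
SAMPLE = """\
From: "Sender" <sender@example.com>
Subject: Re: meeting notes
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="humor.doc.pif"

AAAA
--BOUND--
"""

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

Matching is case-insensitive because mail clients and Windows do not distinguish case in file names.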