Symantec warns of a computer worm: W32.Badtrans.13312@mm
Hong Kong -- April 27, 2001
WHAT:
Researchers at the Symantec AntiVirus Research Center (SARC) are issuing a warning about a new worm: W32.Badtrans.13312@mm. Due to an increase in the number of submissions, W32.Badtrans.13312@mm has been upgraded to a Category 4 threat. It is a MAPI worm that replies to all unread mail in your email message folders and loads a backdoor Trojan onto the infected computer.
Infections of the worm have been reported mainly in the US as well as Europe and Latin America.
Anti-virus definitions have been available from Symantec since April 11, 2001.
CHARACTERISTICS OF INFECTION:
W32.Badtrans.13312@mm is a worm that is distributed by email as a .pif or .scr attachment. It works with all major email clients.
PAYLOAD:
When the worm is executed, it loads the backdoor Trojan Hkk32.exe in the \Windows folder. The Trojan alters a registry key so that it runs after every reboot; it permits remote access to the infected machine and logs all keystrokes.
The worm also alters win.ini so that every time the computer is rebooted, the worm waits for 5 minutes and then uses MAPI to reply to all unread email. The worm attaches itself to each reply, using one of the following file names:
Pics.ZIP.scr
images.pif
README.TXT.pif
New_Napster_Site.DOC.scr
news_doc.scr
hamster.ZIP.scr
YOU_are_FAT!.TXT.pif
searchURL.scr
SETUP.pif
Card.pif
Me_nude.AVI.pif
Sorry_about_yesterday.DOC.pif
s3msong.MP3.pif
docs.scr
Humor.TXT.pif
fun.pif
RECOMMENDATIONS/PROTECTION:
Organisations should filter for all .pif and .scr email attachments, which will also protect them from other malicious code.
Information on how to remove the worm and restore an infected machine is available at www.sarc.com
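The attachment filter recommended above can be sketched as follows. This is an added example, not Symantec code: the function names and the sample message are constructed for illustration, and the attachment names are taken from the list above (Card.PIF is a constructed upper-case variant).

```python
# Added example, not Symantec code: flag .pif/.scr attachments in a message.
import email
from email import policy
from email.message import EmailMessage

BLOCKED = {".pif", ".scr"}  # the two extensions the advisory says to filter


def blocked_attachments(raw: bytes) -> list[tuple[str, bool]]:
    """Return (file name, has_decoy_extension) for each blocked attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into nested multiparts
        # get_filename() checks Content-Disposition "filename", then the
        # Content-Type "name" parameter, and decodes RFC 2231 values.
        name = part.get_filename()
        if not name:
            continue
        # Compare on the form Windows acts on: case-insensitive, with
        # trailing dots and spaces dropped.
        cleaned = name.strip().rstrip(". ").lower()
        stem, dot, ext = cleaned.rpartition(".")
        if dot and "." + ext in BLOCKED:
            # Only the last extension counts; an inner one such as ".TXT"
            # in "README.TXT.pif" is a decoy worth recording.
            hits.append((name, "." in stem))
    return hits


def constructed_sample() -> bytes:
    """Constructed test message; the attachment bodies are harmless text."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "Re: meeting notes"
    msg.set_content("Take a look at the attachment.")
    for fname in ("README.TXT.pif", "Card.PIF", "docs.scr", "scr_notes.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, decoy in blocked_attachments(constructed_sample()):
        print(f"BLOCK {name!r} (decoy extension: {decoy})")
```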
SYMANTEC ANTIVIRUS RESEARCH CENTER:
SARC is one of the industry's largest dedicated teams of virus experts. With offices located in the United States, Japan, Australia and the Netherlands, the sun never sets on SARC. The centre's mission is to provide swift, global responses to computer virus threats, proactively research and develop technologies that eliminate such threats and educate the public on safe computing practices. As new computer viruses appear, SARC develops identification and detection for these viruses and provides either a repair or delete operation, thus keeping users protected against the latest virus threats.
SYMANTEC:
Symantec, a world leader in Internet security technology, provides a broad range of content and network security solutions to individuals and companies. The company is a leading provider of virus protection, risk management, Internet content and email filtering, and mobile code detection technologies to enterprise customers. Headquartered in Cupertino, Calif., Symantec has worldwide operations in more than 36 countries.
NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Centre at http://www.symantec.com/PressCenter/ on Symantec's Web site.
Brands and products referenced herein are the trademarks or registered trademarks of their respective holders. All prices noted are in US dollars and are valid only in the United States.