Symantec UPGRADES: W32.Badtrans.B@mm and W32.Aliz.Worm
SINGAPORE -- November 27, 2001 -- Due to an increase in submissions, both W32.Badtrans.B@mm and W32.Aliz.Worm have been upgraded to Level 4 (severe). Both worms are mass mailers and are spreading quickly across the globe. Computer users should visit the Symantec Security Response website to download the latest definitions via LiveUpdate at: http://securityresponse.symantec.com/avcenter/
From past experience with these types of worms, including Melissa and Loveletter, the number of submissions is expected to peak and then fall dramatically as users update their definitions.
W32.Badtrans.B@mm
Discovered: November 24, 2001
Threat Assessment: Upgraded to Level 4 - 15 times more submissions to Symantec Security Response than the day it was first discovered. It is predominately circulating in the UK and US.
Virus Name: W32.Badtrans.B@mm (a variant of W32.Badtrans.13312@mm discovered on April 11, 2001)
Definitions: Definitions were posted on November 24, 2001.
Description: W32.Badtrans.B@mm is a mass mailing worm which does not rely on any particular email program to spread itself. It emails itself out as one of several different file names. This worm also drops a keystroke logging Trojan which uses two key logging routines. The first routine logs every keystroke and then sends the resulting file to one of 22 email addresses. These addresses appear to be free or stolen email accounts. The second routine waits for the Windows remote access service (RAS) dialog to appear and then logs all keystrokes to a file and sends them to a Hotmail address.
Prevention Methods:
- Corporate email filtering systems should block all emails that have attachments with the extensions .scr and .pif.
- Users should not open any emails with an attachment that matches the names listed above. Any email that has such an attachment should be deleted.
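One way to implement the gateway rule in the first bullet, as an added example that is not Symantec's code: a Python check that walks every MIME part of a message and flags any part whose effective extension is .scr or .pif, including mixed-case names, double extensions and names carried only in the Content-Type header. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy

# Extensions the advisory says mail gateways should block.
BLOCKED_EXTENSIONS = {".scr", ".pif"}

def final_extension(filename):
    """Return the lowercased last extension, the one Windows acts on."""
    # Drop path components, then the trailing dots and spaces that
    # Windows ignores when it resolves a file name.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". \t")
    _, dot, ext = name.rpartition(".")
    return "." + ext.lower() if dot else ""

def blocked_attachments(raw_message):
    """Return filenames in a raw message whose extension is blocked."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    # Walk every MIME part, not only those marked "attachment":
    # get_filename() reads Content-Disposition filename= and falls
    # back to Content-Type name=, decoding RFC 2231 values.
    for part in msg.walk():
        filename = part.get_filename()
        if filename and final_extension(filename) in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits

# Constructed sample message (file names are made up for this example).
SAMPLE = (
    b'MIME-Version: 1.0\r\n'
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b'--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n'
    b'--b1\r\nContent-Type: application/octet-stream; name="notes.DOC.Pif"\r\n\r\nAAAA\r\n'
    b'--b1\r\nContent-Type: application/octet-stream\r\n'
    b'Content-Disposition: attachment; filename="saver.scr."\r\n\r\nAAAA\r\n'
    b'--b1\r\nContent-Type: application/pdf\r\n'
    b'Content-Disposition: attachment; filename="report.scr.pdf"\r\n\r\nAAAA\r\n'
    b'--b1--\r\n'
)

if __name__ == "__main__":
    print(blocked_attachments(SAMPLE))
```

The check keys on the last extension only, so a name such as report.scr.pdf passes while notes.DOC.Pif is caught.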
W32.Aliz.Worm
Discovered: May, 2001
Threat Assessment: Upgraded to Level 4 - 10 times more submissions to Symantec Security Response in the last 2 days across the globe. It is predominately circulating in Japan.
Virus Name: W32.Aliz.Worm
Definitions: Certified definitions are available.
Description: W32.Aliz.Worm is a very simple SMTP mass mailer worm. The worm is written in assembly and is additionally packed. The worm propagates by obtaining email addresses from the Windows Address Book and sending itself to those addresses. When the worm arrives by email, the worm uses a MIME exploit allowing the virus to be executed just by reading or previewing the file. Information and a patch for this exploit can be found at http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
Symantec Security Response
Symantec Security Response is one of the industry's largest dedicated teams of virus experts. With offices located in the United States, Japan, Australia and the Netherlands, the sun never sets on Symantec Security Response. The centre's mission is to provide swift, global responses to computer virus threats, proactively research and develop technologies that eliminate such threats and educate the public on safe computing practices. As new computer viruses appear, Symantec Security Response develops identification and detection for these viruses and provides either a repair or delete operation, thus keeping users protected against the latest virus threats. http://securityresponse.symantec.com
Symantec:
Symantec, the world leader in Internet security technology, provides a broad range of content and network security software and appliance solutions to individuals, enterprises and service providers. The company is a leading provider of client, gateway and server security solutions for virus protection, firewall and virtual private network, vulnerability management, intrusion detection, Internet content and e-mail filtering, remote management technologies and security services to enterprises and service providers around the world. Symantec's Norton brand of consumer security products is a leader in worldwide retail sales and industry awards. Headquartered in Cupertino, Calif., Symantec has worldwide operations in 37 countries. For more information, please visit www.symantec.com.