Technorati
Digg
Delicious
Reddit
StumbleUpon
Facebook
Yahoo
Twitter
Faves
Newsvine
- Discovered:
- November 24, 2001
- Updated:
- February 13, 2007 11:37:49 AM
- Also Known As:
- I-Worm.BadtransII [KAV], Badtrans.B@mm [Norman], W32/Badtrans.B [Panda], WORM_BADTRANS.B [Trend], W32/Badtrans-B [Sophos], W32/Badtrans.B@mm [F-Secure], W32/BadTrans@MM [McAfee], Win32.Badtrans.29020 [CA], Worm/Badtrans.B [Vexira]
- Type:
- Worm
- Systems Affected:
- Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
- CVE References:
- CVE-2001-0154
Due to a decreased rate of submissions, Symantec Security Response has downgraded the threat level of this worm from Category 3 to Category 2 as of May 5, 2003.
W32.Badtrans.B@mm is a MAPI worm that emails itself out using different file names. It also creates the file \Windows\System\Kdll.dll. It uses functions from this file to log keystrokes.
Antivirus Protection Dates
- Initial Rapid Release version November 24, 2001
- Latest Rapid Release version March 1, 2011 revision 037
- Initial Daily Certified version November 24, 2001
- Latest Daily Certified version March 2, 2011 revision 002
- Initial Weekly Certified release date November 24, 2001
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
- Wild Level: Medium
- Number of Infections: More than 1000
- Number of Sites: More than 10
- Geographical Distribution: High
- Threat Containment: Moderate
- Removal: Moderate
Damage
- Damage Level: Low
Distribution
- Distribution Level: High
Writeup By: Peter Ferrie
