-
Discovered:
- November 24, 2001
-
Updated:
- February 13, 2007 11:37:49 AM
-
Also Known As:
- I-Worm.BadtransII [KAV], Badtrans.B@mm [Norman], W32/Badtrans.B [Panda], WORM_BADTRANS.B [Trend], W32/Badtrans-B [Sophos], W32/Badtrans.B@mm [F-Secure], W32/BadTrans@MM [McAfee], Win32.Badtrans.29020 [CA], Worm/Badtrans.B [Vexira]
-
Type:
- Worm
-
Systems Affected:
- Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
-
CVE References:
-
CVE-2001-0154
Due to a decreased rate of submissions, Symantec Security Response has downgraded the threat level of this worm from Category 3 to Category 2 as of May 5, 2003.
W32.Badtrans.B@mm is a MAPI worm that emails itself out using different file names. It also creates the file \Windows\System\Kdll.dll. It uses functions from this file to log keystrokes.
Antivirus Protection Dates
-
Initial Rapid Release version November 24, 2001
-
Latest Rapid Release version March 1, 2011 revision 037
-
Initial Daily Certified version November 24, 2001
-
Latest Daily Certified version March 2, 2011 revision 002
-
Initial Weekly Certified release date November 24, 2001
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
-
Wild Level: Medium
-
Number of Infections: More than 1000
-
Number of Sites: More than 10
-
Geographical Distribution: High
-
Threat Containment: Moderate
-
Removal: Moderate
Writeup By: Peter Ferrie
