1. /
  2. Security Response/
  3. W32.Badtrans.B@mm

W32.Badtrans.B@mm

Risk Level 2: Low

Discovered:
November 24, 2001
Updated:
February 13, 2007 11:37:49 AM
Also Known As:
I-Worm.BadtransII [KAV], Badtrans.B@mm [Norman], W32/Badtrans.B [Panda], WORM_BADTRANS.B [Trend], W32/Badtrans-B [Sophos], W32/Badtrans.B@mm [F-Secure], W32/BadTrans@MM [McAfee], Win32.Badtrans.29020 [CA], Worm/Badtrans.B [Vexira]
Type:
Worm
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
CVE References:
CVE-2001-0154

Due to a decreased rate of submissions, Symantec Security Response has downgraded the threat level of this worm from Category 3 to Category 2 as of May 5, 2003.

W32.Badtrans.B@mm is a MAPI worm that emails itself out using different file names. It also creates the file \Windows\System\Kdll.dll. It uses functions from this file to log keystrokes.

Antivirus Protection Dates

  • Initial Rapid Release version November 24, 2001
  • Latest Rapid Release version June 24, 2014 revision 006
  • Initial Daily Certified version November 24, 2001
  • Latest Daily Certified version July 19, 2013 revision 002
  • Initial Weekly Certified release date November 24, 2001
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Medium
  • Number of Infections: More than 1000
  • Number of Sites: More than 10
  • Geographical Distribution: High
  • Threat Containment: Moderate
  • Removal: Moderate

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: High
Writeup By: Peter Ferrie

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver