BadtransII Reaches Global Epidemic Proportions

26 Nov 2001
Virus News

Kaspersky Lab's warning of this past Sunday not being heeded

Kaspersky Lab, an international data-security software developer, reports a global epidemic caused by the Internet virus-worm BadtransII. To date, this malicious worm has outstripped cases of infection by other viruses almost 10-fold.

As readers may remember, this malicious code was first reported in the wild this past Sunday, having already caused numerous infections on users' computers throughout the world. As of today, BadtransII has reached epidemic levels, with nearly 11,000 reported cases of infection in Great Britain alone. Other countries seeing high levels of infection are Germany and the United States.

I-Worm.BadtransII is a worm that spreads on Win32 systems. It sends e-mail messages with infected files attached and installs a spying Trojan component to steal information from infected systems. The worm itself is a Win32 executable file (PE EXE file). It was found in the wild in compressed form, about 29Kb in size. Once decompressed, the worm file is about 60Kb in size.

The worm consists of two main components, the worm and the Trojan. The "worm" component sends infected messages, and the "Trojan" component sends out information (user's info, RAS data, cached passwords, keyboard log) from infected computers to a specified e-mail address. It also keeps a "keylogger" program body in its code, and installs it into the system while infecting a new machine.

"Unfortunately, this worm epidemic shows no signs of ceding. It is more likely than not that BadtransII will reach its peak this week, eventually little by little falling back into the pack with other viruses in terms of the number of reported infections. However, it cannot be excluded that BadtransII was not masked by the Aliz epidemic of last week, and in turn could be cover for yet another forthcoming epidemic. It remains to be seen what other 'presents' the computer underground is 'wrapping up' for the Christmas holidays," commented Eugene Kaspersky, Head of Anti-Virus Research for Kaspersky Lab.