Sophos, a world leader in corporate anti-virus protection, has
urged companies once again to review whether they are doing enough
to stop malicious code from entering their organisations in the
wake of the new Badtrans-B worm (aka W32/Badtrans-B).
Sophos has received many reports of Badtrans-B circulating in
the wild and is calling for users to implement simple safe
computing procedures - such as keeping their anti-virus software
up-to-date, deploying security patches from Microsoft and blocking
attachments with double extensions.
"Why make it easy for the virus writers? If companies had
blocked files with double extensions from entering their
organisation after the Love Bug in May 2000
they would not have been affected by Badtrans, Sircam, Anna Kournikova, Apology and countless
other email-aware worms," said Graham Cluley, senior technology
consultant for Sophos Anti-Virus. "Furthermore, one of the ways
this worm attacks is by exploiting a security hole in Microsoft
Outlook. It's baffling to find that even though Microsoft secured
that hole eight months ago, many users have still not applied the
patch."
Badtrans-B is an email aware worm that uses a known exploit in
certain versions of Microsoft Outlook Express 5 in order to launch
the attached file automatically. The name of the attached file is
randomly generated (using names like YOU_ARE_FAT!.DOC.pif and
ME_NUDE.MP3.scr), but is easily spotted by its double
extension.
If the attached file is run, the worm copies itself into the
Windows system directory and runs the next time Windows is started.
The worm also drops a Trojan horse (Troj/PWS-AV) which can
steal passwords and confidential information.
Sophos Anti-Virus has issued an update which protects against
Badtrans-B.
Sophos recommends users of Microsoft products consider
subscribing to Microsoft's security bulletin notification mailing
list. Details on how to do this are described on Microsoft's website.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.