Sophos, a world leader in corporate anti-virus protection, has
urged companies once again to review whether they are doing enough
to stop malicious code from entering their organisations in the
wake of the new Badtrans-B worm (aka
Sophos has received many reports of Badtrans-B circulating in
the wild and is calling for users to implement simple safe
computing procedures - such as keeping their anti-virus software
up-to-date, deploying security patches from Microsoft and blocking
attachments with double extensions.
"Why make it easy for the virus writers? If companies had
blocked files with double extensions from entering their
organisation after the Love Bug in May 2000 they would not have
been affected by Badtrans, Sircam, Anna Kournikova, Apology and
countless other email-aware worms," said Paul Ducklin, Head of
Global Support for Sophos Anti-Virus. "Furthermore, one of the ways
this worm attacks is by exploiting a security hole in Microsoft
Outlook. It's baffling to find that even though Microsoft secured
that hole eight months ago, many users have still not applied the
Badtrans-B is an email aware worm that uses a known exploit in
certain versions of Microsoft Outlook Express 5 in order to launch
the attached file automatically. The name of the attached file is
randomly generated (using names like YOU_ARE_FAT!.DOC.pif and
ME_NUDE.MP3.scr), but is easily spotted by its double
If the attached file is run, the worm copies itself into the
Windows system directory and runs the next time Windows is started.
The worm also drops a Trojan horse which can steal passwords and
Sophos has issued protection against Badtrans-B.
Read more about
this worm and download protection.
Sophos's ten point plan for a safe computing policy can be found