Sophos, a world leader in corporate anti-virus protection, has
urged companies once again to review whether they are doing enough
to stop malicious code from entering their organisations in the
wake of the new Badtrans-B worm (aka W32/Badtrans-B).

Sophos has received many reports of Badtrans-B circulating in
the wild and is calling for users to implement simple safe
computing procedures - such as keeping their anti-virus software
up-to-date, deploying security patches from Microsoft and blocking
attachments with double extensions.

"Why make it easy for the virus writers? If companies had
blocked files with double extensions from entering their
organisation after the Love Bug in May 2000 they would not have
been affected by Badtrans, Sircam, Anna Kournikova, Apology and
countless
other email-aware worms," said Graham Cluley, senior technology
consultant for Sophos Anti-Virus. "Furthermore, one of the ways
this worm attacks is by exploiting a security hole in Microsoft
Outlook. It's baffling to find that even though Microsoft secured
that hole eight months ago, many users have still not applied the

Badtrans-B is an email-aware worm that uses a known exploit in
certain versions of Microsoft Outlook Express 5 in order to launch
the attached file automatically. The name of the attached file is
randomly generated (using names like YOU_ARE_FAT!.DOC.pif and
ME_NUDE.MP3.scr), but is easily spotted by its double

If the attached file is run, the worm copies itself into the
Windows system directory and runs the next time Windows is started.
The worm also drops a Trojan horse (Troj/PWS-AV) which can
steal passwords and confidential information.

Sophos Anti-Virus has issued an update which protects against

Sophos recommends users of Microsoft products consider
subscribing to Microsoft's security bulletin notification mailing
list. Details on how to do this are described on Microsoft's website.
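
The double-extension block recommended above can be expressed as a small mail-gateway check. The following is an added example, not Sophos code: the extension lists, function names and sample message are assumptions made for illustration, and the two flagged file names are the ones quoted in this release.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy lists (illustrative): extensions Windows will execute,
# and harmless-looking extensions used as the visible decoy.
EXECUTABLE = {"pif", "scr", "exe", "com", "bat", "cmd", "vbs", "js", "lnk"}
DECOY = {"doc", "txt", "mp3", "jpg", "gif", "zip", "pdf", "xls", "htm", "html"}

def double_extension(filename):
    """Return (decoy, real) if the name ends in <decoy>.<executable>, else None."""
    # Windows ignores trailing dots and spaces, so normalise them away first.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 3:
        return None  # zero or one extension: outside the scope of this rule
    # Strip padding spaces placed between the decoy and the real extension.
    decoy, real = parts[-2].strip(), parts[-1].strip()
    if real in EXECUTABLE and decoy in DECOY:
        return decoy, real
    return None

def blocked_attachments(raw_bytes):
    """List (filename, decoy, real) for every MIME part the rule would block."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    # walk() visits every part, not only those marked as attachments.
    for part in msg.walk():
        name = part.get_filename()  # decodes encoded names, falls back to name=
        hit = double_extension(name) if name else None
        if hit:
            hits.append((name, *hit))
    return hits

def sample_message():
    """Constructed message: two names quoted in the release plus two benign ones."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("constructed body")
    for name in ("YOU_ARE_FAT!.DOC.pif", "ME_NUDE.MP3.scr", "minutes.v2.doc", "setup.exe"):
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for name, decoy, real in blocked_attachments(sample_message()):
        print(f"BLOCK {name!r}: looks like .{decoy}, runs as .{real}")
```

A single executable extension such as setup.exe passes this particular rule, so it complements a plain executable-attachment block and does not replace one.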