W32/Badtrans-B: Information and protection

November 29, 2001 Sophos Press Release

Sophos released protection against the W32/Badtrans-B worm on Saturday 24 November, 15:45 GMT (10:45 EST). This worm is spreading widely across the internet and Sophos is receiving a significant number of technical support calls and it may take longer than usual to respond to your enquiry.

For this reason we have listed useful links and further information about this worm below.

Please remember you can also email our support department at support@sophos.com if you have any further enquiries.

Quick links

* Instructions for removing W32/Badtrans-B and Troj/PWS-AV
* Sophos analysis of W32/Badtrans-B
* Sophos analysis of Troj/PWS-AV, the Trojan horse dropped by W32/Badtrans-B
* How to use virus identity (IDE) files
* Sign up for automatic email notification of new in-the-wild viruses

Further information

W32/Badtrans-B exploits a security loophole in some versions of Microsoft Outlook. Microsoft issued a patch which reportedly fixes this loophole earlier this year, but some users have still not patched against it.

Read more and download the patch from Microsoft.
(This patch fixes a number of vulnerabilities in Microsoft's software, including the one exploited by this worm)

Sophos recommends users of Microsoft products consider subscribing to Microsoft's security bulletin notification mailing list. Details on how to do this are described on Microsoft's website.