W32/Badtrans-B: Information and protection

Sophos Press Release

Sophos released protection against the W32/Badtrans-B worm on Saturday 24 November, 15:45 GMT (10:45 EST). This worm is spreading widely across the internet and Sophos is receiving a significant number of technical support calls and it may take longer than usual to respond to your enquiry.

For this reason we have listed useful links and further information about this worm below.

Please remember you can also email our support department at support@sophos.com if you have any further enquiries.

Quick links

* Instructions for removing W32/Badtrans-B and Troj/PWS-AV
* Sophos analysis of W32/Badtrans-B
* Sophos analysis of Troj/PWS-AV, the Trojan horse dropped by W32/Badtrans-B
* How to use virus identity (IDE) files
* Sign up for automatic email notification of new in-the-wild viruses

Further information

W32/Badtrans-B exploits a security loophole in some versions of Microsoft Outlook. Microsoft issued a patch which reportedly fixes this loophole earlier this year, but some users have still not patched against it.

Read more and download the patch from Microsoft.
(This patch fixes a number of vulnerabilities in Microsoft's software, including the one exploited by this worm)

Sophos recommends users of Microsoft products consider subscribing to Microsoft's security bulletin notification mailing list. Details on how to do this are described on Microsoft's website.


More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.