Trend Micro, AVX and Symantec say a new virus is spreading: BADTRANS.A, or w32.badtrans.13312@mm.
AVX says the virus was detected on 12 April, whereas Symantec says it was discovered on 11 April.
The new memory resident Internet worm is propagating via email clients. It sends email messages replying to all unread messages in a user's inbox folder. It attaches itself to the email, maintaining the same subject and message body as the original email. It then copies itself into the Windows folder as Inetd.exe and modifies WIN.INI, adding a new "run=" line.
In this way, the worm will again find all unread messages after the following reboot and will reply to all of them. It probably compromises security dropping and executing a backdoor Trojan program called Hkk32.exe. Most antivirus software firms have already issued an update.
Full story in Italian
Take me to the Virus Workshop
Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.