New virus detected by Symantec

Email worm BADTRANS is doing the rounds, warn antivirus firms

Trend Micro, AVX and Symantec say a new virus is spreading: BADTRANS.A, or w32.badtrans.13312@mm.

AVX says the virus was detected on 12 April, whereas Symantec says it was discovered on 11 April.

The new memory resident Internet worm is propagating via email clients. It sends email messages replying to all unread messages in a user's inbox folder. It attaches itself to the email, maintaining the same subject and message body as the original email. It then copies itself into the Windows folder as Inetd.exe and modifies WIN.INI, adding a new "run=" line.

In this way, the worm will again find all unread messages after the following reboot and will reply to all of them. It probably compromises security dropping and executing a backdoor Trojan program called Hkk32.exe. Most antivirus software firms have already issued an update.

Full story in Italian

Take me to the Virus Workshop

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read what others have said.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All