W32/Badtrans.B@mm

Download VIRUSfighter NOW
W32/Badtrans.B@mm Destructivity: Spreading: Overall risk:
  
• Detected by virus detection files published: 11/24/2001 • Type: Worm
• Virus characteristics first published: 11/24/2001 • Spreading mechanism: Email
• Virus characteristics latest update: 12/18/2003 • Overall risk: Low
• Alias: • Payload: Backdoor functionality
• Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista  

Virus type Spreading
mechanism 		Destructivity
and payload 		Additional
descriptions 		Detection
and removal
Email characteristics:
  • Subject: Variable
  • Body:
  • Attachment: Variable name, built up by several pieces
The worm uses the Microsoft Mail API to spread itself to addresses it finds in the users address book, web browser cache and in documents in the "My Documents" (or similar in local language) folder.

The "From:" address will often have been changed by the worm to have underscore as first letter. Thus, attempting to reply to such an address will normally bounce unless the underscore is removed.

The attachment name can consist of one of the following pieces:

fun
Humor
docs
info
Sorry_about_yesterday
Me_nude
Card
SETUP
stuff
YOU_are_FAT!
HAMSTER
news_doc
New_Napster_Site
README
images
pics
S3MSONG
SEARCHURL

The attachment will have double extensions, where the first is either DOC, MP3 or ZIP, and the second is either PIF or SCR.
# - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
To protect and serve, VirusFighter