Badtrans (computer worm)


BadTrans is a malicious Microsoft Windows computer worm distributed by e-mail. Because of a known vulnerability in older versions of Internet Explorer, some e-mail programs, such as Microsoft Outlook Express and Microsoft Outlook, may install and execute the worm as soon as the e-mail message is viewed.

Once executed, the worm replicates by sending copies of itself to other e-mail addresses found on the host's machine, and installs a keystroke logger, which then captures everything typed on the affected computer. Badtrans then transmits the data to one of several e-mail addresses.

Among the e-mail addresses that received the keylogged data were free addresses at Excite, Yahoo, and IJustGotFired.com. IJustGotFired is a free service of MonkeyBrains, a San Francisco-based Internet service provider. The target address at IJustGotFired began receiving e-mails at 3:23pm on November 24, 2001. Once the account exceeded its quota, it was automatically disabled, but the messages were still saved as they arrived. The address received over 100,000 keylogs in the first day alone.

In mid-December, the FBI contacted Rudy Rucker, Jr., owner of MonkeyBrains, and requested a copy of the keylogged data. All of that data was stolen from the victims of the worm; it includes no information about the creator of Badtrans. Instead of complying with the FBI request, MonkeyBrains published a database website, http://badtrans.monkeybrains.net, where the public can check whether a given address has been compromised. The database does not reveal the actual passwords or keylogged data.
