Main Page | See live article | Alphabetical index

Badtrans

BadTrans is a malicious Microsoft Windows computer worm distributed by e-mail. Because of a known vulnerability in Internet Explorer, some e-mail programs, such as Microsoft's Outlook Express and Outlook programs, may install and execute the worm as soon as the e-mail message is viewed. Once executed, the worm replicates by sending copies of itself to other email addresses found on the host's machine, and installs a keystroke logger, which then captures everything typed on the affected computer. Badtrans then transmits the data to one of several e-mail addresses.

(For more technical details on the worm, see " class="external">http://www.cert.org/incident_notes/IN-2001-14.html.)

Among the e-mail address that receive the keylogs are free addresses at Excite, Yahoo, and IJustGotFired.com. IJustGotFired is a free service of MonkeyBrains, a San Francisco-based Internet service provider.

The target address at IJustGotFired began receiving emails at 3:23pm on November 24, 2001. Once the account exceeded its quotas, it was automatically disabled, but the messages were still saved as they arrived. The address received over 100,000 keylogs in the first day alone.

In mid-December, the FBI contacted Rudy Rucker, Jr., owner of MonkeyBrains, and requested a copy of the keylogged data. All of that data was stolen from the victims of the worm; it includes no information about the creator of Badtrans.

MonkeyBrains has published a database set up so that the public can determine whether a given address has been compromised. The database does not reveal the actual passwords or keylogged data. The database is available at " class="external">http://badtrans.monkeybrains.net.

The information on MonkeyBrains was condensed from the article http://www.dailyrotten.com/articles/archive/189387.html, which is copyright 2001 Soylent Communications. No infringement is intended; this author made a good faith effort to rewrite the information.