Security professionals yesterday were keeping an eye on another computer worm capable of spreading rapidly by e-mail.
Known as BadTrans.B, the worm has infected several thousand computers each day since its appearance Friday. It is seen as a nuisance because it reproduces by sending itself as a reply to any unread e-mail messages. But unlike some other worms and viruses, it is not known to delete files or cause computers to crash.
The worm also installs a program that records the typing of a person using an infected PC and sends that information to the worm writer’s e-mail address. It is considered a worm, not a virus, because no human involvement is necessary for it to spread.
“This thing has definitely blazed a trail through the end-user community,” said April Goosetree, virus research manager for the computer security company McAfee.com. “This is the classic e-mail worm in that it uses e-mail to propagate.”
BadTrans.B is a variation on the mild BadTrans virus that first appeared in April. It is already as widespread as its predecessor.
Observers of the worm said business networks remain relatively unaffected, because corporations have been diligent about updating anti-virus programs and downloading software patches.
BadTrans.B enters a computer using a vulnerability in Microsoft’s Internet Explorer versions 5.01 and 5.5. It is the same vulnerability used by the fast-spreading “Nimda” worm that appeared in September. Security professionals believe the severity of Nimda (nearly 70 percent of all North American companies were affected) brought attention to the issue of protecting corporate networks. Millions of the proper security patches have been downloaded from Microsoft’s Web site.
But individual users and those operating smaller business networks have not been as diligent, observers said.
“Most of the infections are coming from small businesses or end-users,” said Vincent Weafer, director of the Anti-Virus Research Center of Symantec Corp., a Cupertino, Calif., Internet security firm.
Messagelabs, Inc., a British firm specializing in e-mail security, said about 60 percent of the computers affected by BadTrans.B belonged to home users, with 37 percent of the complaints coming from businesses. About 90 percent of all those computers affected on Saturday and Sunday alone were nonbusiness systems.
While security professionals breathed a sigh of relief that business networks remained relatively impervious to the worm, they noted that it was still very widespread. Messagelabs reported that it stopped copies of the worm coming from over 100 countries and now rates the BadTrans.B worm as the “top bug” on the Internet, replacing the SirCam virus that occupied the top spot for over four months. It is by far the most widespread of the 10 new viruses and worms reported to Messagelabs in December.
Security professionals said it is easy for computer users to protect themselves against BadTrans.B.
“Make sure you’ve got the security patches … and update your virus protection software and you’ll be fine,” Mr. Weafer said.