A new Internet worm that installs a backdoor program that can enable attackers to access recipients' computers is spreading online - but doesn't work on Macs.
Called Badtrans B, the worm is a variant of the older Badtrans virus, according to antivirus companies. It executes when users open an infected email – it doesn't require that users click on an attachment, and exploits a security vulnerability in Microsoft's Outlook and Outlook Express email clients to automatically execute the attachment when the email is opened.
Badtrans arrives in the recipient's in-box with a "Re:" subject line to an email actually sent by the user. When run, it sends itself to all email addresses listed in unread messages in the victim system's inbox. Some experts believe the worm sends itself to all addresses listed in the user's address book, however.
Outside control It then installs a Trojan horse, or backdoor, program that allows an attacker to gain access to the infected computer and attempts to sends the IP (Internet Protocol) address of the infected machine to the worm's author.
After execution, Badtrans also runs a keylogger program that can record all data entered via the keyboard, including passwords, credit card numbers and other personal information, according to Activis and McAfee.com. The data gathered by the keylogger is saved in encrypted form on the system's hard drive, they said.
The worm appears in email boxes with either no text in the body of the message or some of the original message's text. Attachments included with the worm will appear to be .MP3, .DOC or .ZIP files, but are actually double extension files with .SCR or .PIF extensions, the companies said.