A sneaky Windows computer virus is circulating that tries to install software that monitors what users are typing and passes it to the malicious program's creator.
Like many of the other computer viruses that have struck in recent months, BadTrans-B attempts to spread by exploiting weaknesses in Microsoft e-mail programs.
One anti-virus company has caught over 20,000 copies of the virus in the last 24 hours.
The UK, Germany and US are the countries most seriously infected by the virus.
Old holes
The BadTrans-B virus is spreading swiftly because, unlike many other e-mail viruses, the pernicious payload that helps it raid Microsoft Outlook address books does not have to be clicked on to set it off.
Simply previewing the item could cause infection. The loophole the virus exploits was first discovered in early 2001.
Badtrans-B file names |
humour docs s3msong me_nude card searchurl you_are_fat! news_doc images pics |
"It's baffling to find that even though Microsoft secured that hole eight months ago, many users have still not applied the patch," said Graham Cluley of anti-virus firm Sophos. When the virus mails itself to the contacts in the address books it raids, the virus uses a subject line from an existing message to make it appear to be a legitimate reply.
The virus also regularly swaps the name of the attachment travelling with it, in an attempt to conceal its pernicious payload.
BadTrans-B is a variant of the original BadTrans virus that was first discovered in April.
BT Openworld error
As well as raiding Outlook and Outlook Express address books, the virus also tries to implant a hidden program that tries to send an identifying net address to the author of the virus.
The hidden program also monitors what users are typing and the information it tracks could be used by a malicious hacker to steal credit card information or passwords for websites.
Britain seems to have been hit hard by the BadTrans-B Windows virus. Anti-virus firm Message Labs, which logs the numbers of pernicious programs it traps, has caught over 21,000 copies of BadTrans-B in the last 24 hours. Over 50% of these originated in Britain.
The spread of the virus was inadvertently helped by BT Openworld, which accidentally e-mailed a copy of the virus to its customers.