Skip Over Navigation Links
Center for Information TechnologyAntivirus
Antivirus Home Page
Contact Us
Questions or Comments
Disclaimers

Software
Current client downloads:
VScan Engine/Dat (SuperDat) -4.3.20/4.0.4399
VirusScan Enterprise 8.0i - Windows NT/2000/XP/2003
VirusScan Enterprise 7.1 - Windows NT/2000/XP/2003
Version 4.5.1 (install Service Pack 1) - Windows 9x/ME
Virex (OS X) Engine/Def - 7.2(v1.1)/041013
Virex (OS 9.x) Engine/Def - 6.2/041001
Linux & Solaris Engine/Dat - 4.3.20/4.0.4399
Symantec Antivirus - 9.0
Ad-aware - 6.0
Clean Boot 1.0
Stinger v2.4.0 virus removal tool (Updated 9/28/04, 3:22am)
Microsoft Patch Library
Current server downloads:
VirusScan Enterprise 7.1
NetShield NetWare - 4.6.2
NetShield NetWare Engine Update - 4.3.20
ePO agent for NetWare
Sybari Antigen - 528/966
TrendMicro - 6.810/200
ScanMail eManager - 3.0
Microsoft Patch Library

Information
Configuration Tips
VirusScan FAQs
Ad-aware FAQs
Central EMail Status
VirusScan Instructions
Additional Resources
ePO 3.0/VirusScan 7.0 Presentation

Archives
List of Viruses

Virus Archives

W32/Badtrans@mm variants 11/26/01 9:20am

Per NAI these worms attempt to send themselves using Microsoft Outlook by replying to unread email messages. They also drop a trojan file.

The worms are detected by the 4167 (or 2167) dats as Badtrans@MM. The trojan is detected as Backdoor-NK.svr with the 4134 dats.

The first variant has one of the following attachment names:

Card.pif
docs.scr
fun.pif
hamster.ZIP.scr
Humor.TXT.pif
images.pif
New_Napster_Site.DOC.scr
news_doc.scr
Me_nude.AVI.pif
Pics.ZIP.scr
README.TXT.pif
s3msong.MP3.pif
searchURL.scr
SETUP.pif
Sorry_about_yesterday.DOC.pif
YOU_are_FAT!.TXT.pif

With the second variant the attachment name is created from three sections. The first part is chosen from the possibilities:

fun
Humor
docs
info
Sorry_about_yesterday
Me_nude
Card
SETUP
stuff
YOU_are_FAT!
HAMSTER
news_doc
New_Napster_Site
README
images
Pics

The second part is chosen from the possibilities:

.DOC.
.MP3.
.ZIP.

and the last part from the possibilities:

pif
scr

Do Not Open The Attachment!

Contact TASC for assistance or call
301.59.Go.CIT (V) 301.496.8294 (TDD)

 National Institutes of HealthCenter for Information Technology
National Institutes of Health
Bethesda, Maryland 20892

Questions or Comments | Disclaimers

 Department of Health and Human ServicesHealth and Human Services
Washington, D.C. 20201
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -