Dangerous New Virus, Same Old Hole

An old and well-known security flaw in Microsoft's Internet Explorer is continuing to cause problems, as a new worm that exploits the flaw spreads on the Internet.

The worm, known as W32/BadTrans.B-mm, has been spotted in 50 countries, and is propagating rapidly, says Dave White, technical manager for security company MessageLabs. It takes advantage of a well-publicized hole in Explorer, the same vulnerability used by the Nimda virus, which infected millions of computers earlier this fall.

A previous version of the worm, BadTrans.A, spread in April, infecting users who opened an infected E-mail attachment, but the new variant can infect users who merely read or preview the message in Microsoft's Outlook E-mail program. Once activated, the virus spreads by both replying to unread messages in the user's mailbox and mailing everyone in the recipient's address book. It also installs a Trojan-horse key-logging program on the user's computer, which collects confidential information like passwords and E-mails them to another address.

"We're getting hit quite hard," says Russ Cooper, surgeon general for security firm TruSecure Corp. He says that a patch for the IE vulnerability has been available since March, but that home users in particular have been slow to update their security. "Unless they've had a bad experience before, they haven't learned what they should and shouldn't do," he says. "The average person doesn't even know that these things exist, so adoption is going to be slow."