Badtrans Internet worm logs password keystrokes and attempts to email the log to its creator

Incident Date: September 2003
Incident Location:

An Internet worm, named Badtrans, attempts to steal passwords by installing a Trojan horse program after it infects a computer. This Trojan logs the userís keystrokes in a file named cp_25389.nls in the Windows system directory. The worm may encrypt the keystroke log. The worm then attempts to send the log to one of 22 different email accounts, located at yahoo.com, excite.com and other sites.


Story Sources

Title: Badtrans worm analysis
Author:
Date:
Publication: Sophos Virus Database
Publication Location: USA
Publication URL: http://www.sophos.com/virusinfo/analyses/w32badtransb.html


Do you have additional information to contribute regarding this story? If so, please email siteupdates@passwordresearch.com with the details and source.

<-- Back to Authentication Story Index





[Home] [About Us] [News] [Research]

Copyright © 2016 PasswordResearch.com