Badtrans Internet worm logs password keystrokes and attempts to email the log to its creator
Incident Date: September 2003
An Internet worm, named Badtrans, attempts to steal passwords by installing a Trojan horse program after it infects a computer. This Trojan logs the userís keystrokes in a file named cp_25389.nls in the Windows system directory. The worm may encrypt the keystroke log. The worm then attempts to send the log to one of 22 different email accounts, located at yahoo.com, excite.com and other sites.
Title: Badtrans worm analysis
Publication: Sophos Virus Database
Publication Location: USA
Publication URL: http://www.sophos.com/virusinfo/analyses/w32badtransb.html
Do you have additional information to contribute regarding this story? If so, please email firstname.lastname@example.org with the details and source.