|
Badtrans Internet worm logs password keystrokes and attempts to email the log to its creator
Incident Date: September 2003 Incident Location: An Internet worm, named Badtrans, attempts to steal passwords by installing a Trojan horse program after it infects a computer. This Trojan logs the user’s keystrokes in a file named cp_25389.nls in the Windows system directory. The worm may encrypt the keystroke log. The worm then attempts to send the log to one of 22 different email accounts, located at yahoo.com, excite.com and other sites. Story Sources Title: Badtrans worm analysis Author: Date: Publication: Sophos Virus Database Publication Location: USA Publication URL: http://www.sophos.com/virusinfo/analyses/w32badtransb.html Do you have additional information to contribute regarding this story? If so, please email siteupdates@passwordresearch.com with the details and source.
<-- Back to Authentication Story Index |