Tuesday, November 27, 2001

Badtrans "worm" can capture keystrokes A malicious program called Badtrans is moving around the Internet and worming itself into vulnerable computers and using a keystroke logger to surreptitiously record passwords, credit data, and other information. A virus manager at the security firm McAfee says that the worm "does no damage to files but does drop a backdoor trojan on the machine which would allow a hacker to come back and access personal information." Badtrans spreads through Microsoft's Outlook or Outlook Express e-mail programs and arrives with an attachment that can be executed simply by reading or previewing it and doesn't need to be double-clicked or opened separately. [Reuters/*San Jose Mercury News*, 27 Nov 2001; NewsScan Daily, 27 Nov 2001] http://www.siliconvalley.com/docs/news/svfront/034639.htm [Incidentally, we received a lot of e-mail on Magic Lantern. Let me summarize a little. Rob Slade questioned whether it was a virus in RISKS-21.78. This is an old battle, because "virus" has become overloaded. Peter da Silva and PGN both insist it is a Trojan Horse. Let's get on with it, and use the terminology correctly. There was some discussion on whether or not McAfee et al. will suppress detection of an FBI-planted virus, vague denials. There were some comments about ML being used only against bad guys, so what's the problem (slippery slope there). Tony Harminc remarked that collection need not be real-time if a Trojan horse is collecting the info for later dissemination. Dave Farber wondered about the possibility of disguising a really nasty virus so that it would slip through the mechanism that intentionally failed to detect ML. Several folks resurrected the old argument that the ability to insert malware actually weakens security. PGN] ["NewsScan" via risks-digest Volume 21, Issue 80] 0:00 # G!