
Virus Alerts: VBS.Haptime, W32.Badtrans.B@mm Seen on Campus

Outlook users need to be especially careful

Two worm viruses, Haptime and W32.Badtrans.B@mm, have been making the rounds on campus over the last few months. Fortunately, you can protect yourself fairly easily by installing the requisite patches and keeping your antivirus software up to date. It's also good general practice not to open email attachments from an unknown, suspicious or untrustworthy source. We also continue to recommend that users not run Outlook or Outlook Express.

VBS.Haptime. Haptime, recently downgraded by Symantec from a threat level of Category 4 to Category 3, should nonetheless be taken seriously. A Visual Basic Script (VBS) worm, Haptime infects .htm, .html, .vbs, .asp, and .htt files, using Outlook Express as the mechanism of reproduction. Users are infected through an email attachment named "Untitled.htm," and spread the virus via Outlook Express. Haptime infections usually become apparent when Windows complains that the Active Desktop is corrupt and needs to be restored. Symantec's Haptime fix is available at http://securityresponse.symantec.com/avcenter/venc/data/vbs.haptime.fix.html

W32.Badtrans.B@mm. Exploiting a previously patched hole in Outlook's email program, this MAPI worm emails itself out as one of several different file names, including HUMOR, DOCS, S3MSONG, ME_NUDE, CARD, SEARCHURL, YOU_ARE_FAT!, NEWS_DOC, IMAGES, and PICS. It then installs malicious code on infected computers to steal private information such as usernames and passwords. The virus is activated simply by clicking to open and read an infected email message in Microsoft Outlook, with no need to even open an attachment. Once Badtrans.B is active on a system, it emails itself to addresses contained in email address books, web cache, and the "My Documents" folder.

To remove the virus (excluding its variants), you can use Symantec's W32.Badtrans.B@mm Removal Tool at http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.removal.tool.html

For more information on Badtrans.B, see Microsoft's Security Bulletin MS01-020 at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp

Also see CERT's Incident Note at http://www.cert.org/incident_notes/IN-2001-14.html
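
For mail administrators, the attachment names given above for Haptime and Badtrans.B can be checked as messages arrive. The following is an added example, not part of the original article or of any vendor tool; the function names, addresses and sample filenames are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Attachment names as listed in the article; matching is case-insensitive.
BADTRANS_BASENAMES = {"HUMOR", "DOCS", "S3MSONG", "ME_NUDE", "CARD",
                      "SEARCHURL", "YOU_ARE_FAT!", "NEWS_DOC", "IMAGES", "PICS"}
HAPTIME_FILENAME = "untitled.htm"


def flag_attachments(raw_message: bytes) -> list:
    """Return (filename, family) for each attachment whose name matches the article."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue
        # Drop any directory component embedded in the declared filename.
        name = filename.replace("\\", "/").rsplit("/", 1)[-1].strip()
        if name.lower() == HAPTIME_FILENAME:
            hits.append((name, "VBS.Haptime"))
            continue
        # The article gives Badtrans names without extensions, so compare the
        # text before the first dot; this also covers stacked extensions.
        base = name.split(".", 1)[0].upper()
        if base in BADTRANS_BASENAMES:
            hits.append((name, "W32.Badtrans.B@mm"))
    return hits


def build_sample(filenames) -> bytes:
    """Build a constructed test message (hypothetical addresses and payloads)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.edu"
    msg["To"] = "user@example.edu"
    msg["Subject"] = "Re:"
    msg.set_content("constructed sample body")
    for fn in filenames:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fn)
    return msg.as_bytes()


if __name__ == "__main__":
    # Constructed filenames; the extensions are illustrative only.
    sample = build_sample(["Humor.MP3.scr", "Untitled.htm", "syllabus.pdf"])
    for name, family in flag_attachments(sample):
        print(f"quarantine {name!r}: matches {family} name from the alert")
```

A name match is only a triage signal, since ordinary files can share names such as DOCS or IMAGES; current antivirus signatures remain the primary check. Because Badtrans.B activates when the message is merely read in Outlook, a check like this belongs at the mail gateway, before delivery.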


Winter 2002 Computing News | Computing Center Home Page