From Wikipedia, the free encyclopedia

BadTrans is a malicious Microsoft Windows computer worm distributed by e-mail. Because of a known vulnerability in older versions of Internet Explorer, some e-mail programs, such as Microsoft's Outlook Express and Microsoft Outlook, may install and execute the worm as soon as the e-mail message is viewed.

Once executed, the worm replicates by sending copies of itself to other e-mail addresses found on the host machine, and installs a keystroke logger, which then captures everything typed on the affected computer. BadTrans then transmits the data to one of several e-mail addresses.[1]

Among the e-mail addresses that received the keyloggers were free addresses at Excite, Yahoo, and

The target address at IJustGotFired began receiving e-mails at 3:23pm on November 24, 2001. Once the account exceeded its quotas, it was automatically disabled, but the messages were still saved as they arrived. The address received over 100,000 keylogs in the first day alone.[2]

In mid-December, the FBI contacted Rudy Rucker, Jr., owner of MonkeyBrains, and requested a copy of the keylogged data. All of that data was stolen from the victims of the worm; it includes no information about the creator of BadTrans. Instead of complying with the FBI request, MonkeyBrains published a database website for the public to determine if a given address has been compromised. The database does not reveal the actual passwords or keylogged data.[3]


  1. Kevin Houle, Chad Dougherty (2001-11-27). "W32/BadTrans Worm". Archived from the original on 17 December 2001. Retrieved 2001-12-01.
  2. HOPE Wiki (2010-06-21). "H2K2/Talks".
  3. A.C. Thompson (2000-12-18). "Directing traffic". Retrieved 2011-01-11.