From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

BadTrans is a malicious Microsoft Windows computer worm distributed by e-mail. Because of a known vulnerability in older versions of Internet Explorer, some e-mail programs, such as Microsoft's Outlook Express and Microsoft Outlook programs, may install and execute the worm as soon as the e-mail message is viewed.

Once executed, the worm replicates by sending copies of itself to other e-mail addresses found on the host's machine, and installs a keystroke logger, which then captures everything typed on the affected computer. Badtrans then transmits the data to one of several e-mail addresses.[1]

Among the e-mail addresses that received the keyloggers were free addresses at Excite, Yahoo, and

The target address at IJustGotFired began receiving e-mails at 3:23pm on November 24, 2001. Once the account exceeded its quotas, it was automatically disabled, but the messages were still saved as they arrived; the address received over 100,000 keylogs in the first day alone.[2]

In mid-December, the FBI contacted Rudy Rucker, Jr., owner of MonkeyBrains, and requested a copy of the keylogged data. All of that data was stolen from the victims of the worm; it includes no information about the creator of Badtrans. Instead of complying with the FBI request, MonkeyBrains published a database website for the public to determine if a given address has been compromised. The database does not reveal the actual passwords or keylogged data.[3]


  1. ^ Kevin Houle, Chad Dougherty (2001-11-27). "W32/BadTrans Worm". Archived from the original on 17 December 2001. Retrieved 2001-12-01.
  2. ^ HOPE Wiki (2010-06-21). "H2K2/Talks".
  3. ^ A.C. Thompson (2000-12-18). "Directing traffic". Retrieved 2011-01-11.