BT Openworld has been slammed for its role in the spread of the
Badtrans-B virus this week.
The spread of the virus, which originated in the UK, would have
been slowed if BT Openworld had installed the latest Microsoft
Outlook patches.
In the early hours of the life of the virus, BT Openworld ADSL
customers were infected by attachments sent out by the service
provider's e-mail response system.
BT Openworld's contact centre has a PC dedicated to receiving
customer e-mail correspondence.
When customers sent in e-mail queries, an automated response was
dispatched which included two previously unheard-of viruses -
Badtrans-B and Troj/PWS-AV.
Independent security consultant and LSE research fellow Peter
Sommers was appalled at the apparent lack of security awareness at
the UK's flagship telecoms company. "I am extremely surprised to
hear that a large organisation which should have comprehensive
security procedures failed in such a fundamental way to secure its
systems," he said.
Mark Sunner, chief technical officer of anti-virus supplier
Messagelabs, said, "There is no excuse - ISPs should be clearing for
viruses. Not only was the subject line obvious but this particular
piece of code was screaming 'I am a virus'. These mass mailers can
be a global event in a matter of hours, but if virus scanning was
done upstream it would make a massive dent in the problem."
W32/Badtrans-B runs automatically and scours Microsoft Outlook
Express and elsewhere on a user's machine for e-mail addresses to
send itself to, as well as dropping the Troj/PWS-AV
password-stealing trojan into the PC's memory.
Unpatched versions of Outlook Express 5 are vulnerable to the
worm.
BT Internet, which has thousands of business customers in the UK,
was not the only domain affected but it delivered 29% of the virus'
occurrences in the early stages of its life, according to
Messagelabs statistics. Next worst was NTLWorld, which delivered
11% of occurrences.
BT Openworld customer and IT consultant Richard Haselgrove received
the worm when he e-mailed BT Openworld to inform it of a service
outage. The reply e-mail contained an attachment entitled
YOU_ARE_FAT!.MP3.scr.
"It was blatantly obvious by its file name that this was a
malicious attachment," he said. "BT Openworld managers didn't act
when the file name was screaming at us, even though virus scanning
software wasn't detecting it."
A BT Openworld spokesman said, "We became aware of this problem
over the weekend, halted distribution of e-mails and carried out
virus checks. Only a small number of customers were affected. We
are taking action to increase security. We have not been able to
trace the source of this virus."