The spread of the virus, which originated in the UK, would have been slowed if BT Openworld had installed the latest Microsoft Outlook patches.
In the early hours of the life of the virus, BT Openworld ADSL customers were infected by attachments sent out by the service provider's e-mail response system.
BT Openworld's contact centre has a PC dedicated to receiving customer e-mail correspondence.
When customers sent in e-mail queries, an automated response was dispatched which included two previously unheard-of viruses - Badtrans-B and Troj/PWS-AV.
Independent security consultant and LSE research fellow Peter Sommers was appalled at the apparent lack of security awareness at the UK's flagship telecoms company. "I am extremely surprised to hear that a large organisation which should have comprehensive security procedures failed in such a fundamental way to secure its systems," he said.
Mark Sunner, chief technical officer of anti-virus supplier Messagelabs, said, "There is no excuse - ISPs should be clearing for viruses. Not only was the subject line obvious but this particular piece of code was screaming 'I am a virus'. These mass mailers can be a global event in a matter of hours, but if virus scanning was done upstream it would make a massive dent in the problem."
W32/Badtrans-B runs automatically and scours Microsoft Outlook Express and elsewhere on a user's machine for e-mail addresses to send itself to, as well as dropping the Troj/PWS-AV password-stealing trojan into the PC's memory.
Unpatched versions of Outlook Express 5 are vulnerable to the worm.
BT Internet, which has thousands of business customers in the UK, was not the only domain affected but it delivered 29% of the virus' occurrences in the early stages of its life, according to Messagelabs statistics. Next worst was NTLWorld, which delivered 11% of occurrences.
BT Openworld customer and IT consultant Richard Haselgrove received the worm when he e-mailed BT Openworld to inform it of a service outage. The reply e-mail contained an attachment entitled YOU_ARE_FAT!.MP3.scr.
"It was blatantly obvious by its file name that this was a malicious attachment," he said. "BT Openworld managers didn't act when the file name was screaming at us, even though virus scanning software wasn't detecting it."
A BT Openworld spokesman said, "We became aware of this problem over the weekend, halted distribution of e-mails and carried out virus checks. Only a small number of customers were affected. We are taking action to increase security. We have not been able to trace the source of this virus."