An Internet worm that leaves infected computers vulnerable to hacking by tracking what is typed -- including passwords and credit-card details -- appears to have peaked, but is still spreading through users who have not updated their antivirus software, experts said on Tuesday. United Kingdom-based MessageLabs estimated the number of "Badtrans" infections at 16,000 to 18,000 globally on Monday and about 16,000 on Tuesday, more than 600 an hour. The worm, first detected in Britain last Friday, has spread in Europe, particularly England and Germany, and in North and South America, but does not seem to be doing much damage in Asia, experts said. Uruguay antivirus company Videosoft reported receiving nearly 20 infected messages in six hours, which it said was a high tally for a single virus. In the four days since it began spreading, the Badtrans worm has surpassed SirCam in number of infections for all of November, antivirus companies reported. Mostly home and small business computer users are affected, with most large companies blocking the worm at the e-mail gateway.

Badtrans spreads through Microsoft Corp. Outlook or Outlook Express e-mail programs, automatically sending itself to unanswered e-mails and installing a keystroke logger on the infected machine that can record everything someone types, including passwords and credit card information. Unlike most worms, which are self-propagating computer viruses, Badtrans does not require someone to click on and open up the attachment to infect the machine. Just reading or previewing the e-mail executes the worm, experts said. The worm makes a record of the keystrokes and sends it off periodically to one of about 20 e-mail addresses, some of which are no longer in use, experts said.