theos-l


Trojan Horse

Jan 08, 1999 09:19 AM
by M K Ramadoss


Hi, Here is something interesting.

mkr
===================================================

                  Trojan horse gathers user
                  data, e-mails it to China

                  January 8, 1999
                  Web posted at: 11:37 a.m. EDT (1137 GMT)

                  by Kathleen Ohlson

                  (IDG) -- A malicious computer program called picture.exe
                  has been wreaking havoc among PC users for at least a
                  week, capturing personal information from their hard
                  drives and sending it to an electronic-mail address in
                  China, according to a software security firm.

                  Users began to notice the program, known as a Trojan
                  horse, last Friday, when they started receiving a flood
                  of spam that continued over the weekend, said Vincent
                  Gullotto, manager of Network Associates Inc.'s antivirus
                  emergency response team. By Monday, the company's call
                  center was deluged with queries about the problem,
                  Gullotto said.

                  The spam has hit users in many countries and "is [doing]
                  a pretty good job of getting around," Gullotto said.

                  picture.exe arrives as an e-mail attachment
                  to a spam message and once opened, drops
                  a file called manager.exe onto a user's PC,
                  Gullotto said. manager.exe then unleashes
                  note.exe, which hooks onto a Windows
                  subdirectory, looks for information on
                  different drives and encrypts it, he said. The
                  next time the PC runs, note.exe creates a
                  list of URLs and manage.exe runs,
                  attempting to send the information to the
                  Chinese e-mail address. Gullotto called it
                  "an elaborate attempt to get information."

                  Santa Clara, Calif.-based Network
                  Associates will post two detection
                  programs today on its Web site to help
                  users find out if picture.exe is on their PCs.
                  In the meantime, if users receive that file,
                  Gullotto recommends that they delete it. If
                  picture.exe has run, he suggested using an
                  antivirus program to remedy the problem.

                  While one analyst was surprised at the elaborate tactics
                  of the Trojan horse, he wasn't shocked that something
                  like this had been created. "This kind of stuff is easy
                  to put together with PC-cracking tools from the
                  Internet," said Jim Hurley, an analyst at Aberdeen Group
                  Inc. in Boston.

                  The best way to stop the attacks "requires a bit of
                  investment" in staffing and training and using network
                  scanning and sniffing tools to ferret out such problems,
                  Hurley said.


Theosophy World: Dedicated to the Theosophical Philosophy and its Practical Application