Skip to main content
ad info
  
CNN.com technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  
[CNN.com] TOP STORIES
N. Y. plans to heal skyline

Stocks rise on Case departure

Lieberman's presidential announcement today

New arrests may be linked to UK ricin scare

(MORE)
[CNN Money] BUSINESS
Playing for Iraq's jackpot

Coke & smoke bite Dow

Sun Microsystems posts tiny profit

(MORE)

MARKETS
4:30pm ET, 4/16
DJIA
144.70
8257.60
NAS
3.71
1394.72
S&P
10.90
879.91
 
[SI.com] SPORTS
Jordan says farewell for the third time

Shaq could miss playoff game for child's birth

Ex-USOC official says athletes bent drug rules

(MORE)

> All Scoreboards
WEATHER
All cities
WORLD
U.S. spies 3 potential nuke sites
U.S.
10,000 refugees from Burundi coming to U.S.
ALLPOLITICS
Foley will name alleged abuser
LAW
Stunned relatives pack Iowa courtroom
ENTERTAINMENT
Rock 'n' roll genius getting his licks at 80
HEALTH
Seafood benefits outweigh risks, government says
TRAVEL
Machu Picchu can wait
CAREER
A well-balanced 'Day on the Job'
-> (MORE HEADLINES)
MAINPAGE
WORLD
U.S.
WEATHER
BUSINESS
SPORTS
POLITICS
LAW
SCI-TECH
 *
SPACE
HEALTH
ENTERTAINMENT
TRAVEL
EDUCATION
CAREER
LOCAL
IN-DEPTH
EDITIONS
CNN.com Asia
CNN.com Europe
set your edition


Virus may steal AOL users' passwords

graphic
 
From...
 Network World Fusion

by James Niccolai

(IDG) -- Members of AOL Thursday were warned to be on the lookout for a trojan horse virus that can steal their passwords, potentially allowing a hacker to access their e-mail and other personal information.

The virus, dubbed APStrojan.qa, emerged Jan. 25 and is the most active in a string of similar viruses affecting AOL users that have been identified over the past year, according to antivirus software vendor McAfee.com. In the past 30 days reports of the virus have doubled, said April Goostree, a virus research manager at McAfee.com. AOL Time Warner is the parent company of CNN.com.

It wasn't clear exactly how many users have been affected, but the number is "significant," Goostree said. The virus has been rated medium-risk for AOL users, and low-to-medium-risk for corporate users.

  MESSAGE BOARD
Security on the net
 
IDG.net INFOCENTER
IDG.net
Related IDG.net Stories
Features
Visit an IDG site


IDG.net search



A trojan virus is a malicious program that arrives disguised as a harmless application but in fact carries a nasty payload. The AOL trojan takes the form of an attachment named "mine.zip" and spreads itself in an e-mail bearing the subject line "hey you." Text in the body of the message suggests that the attachment contains scanned images, McAfee.com said.

The virus tries to steal the account numbers and passwords of AOL users and, if successful, will e-mail them back to the author of the virus. This could give the hacker access to user's e-mail and other personal information.

When a user logs on to the AOL service, the virus will also try to e-mail itself to all of the contacts listed in that member's Buddy List. That means users who are not AOL members can also receive the virus. Those non-AOL users are not at risk of having passwords stolen, but the virus will slow down the performance of any PC it infects, Goostree said.

This ability of the virus to e-mail itself to other users occurs only with version 4.0 of AOL's software. Improvements to Versions 5.0 and 6.0 prevent the virus from replicating itself, although it can still steal passwords from users of those versions. In addition, when a user of AOL Version 6.0 is infected, the virus creates a pop-up message urging the user to switch back to Version 4.0 of the software, Goostree said.

AOL 4.0 users constitute a "distinct minority" of members, with most using versions 5.0 or 6.0, said AOL spokesman Andrew Weinstein.

The company played down the significance of the virus and said it hasn't felt the need to send a warning to its members via e-mail.

"Obviously we can't speak for McAfee, but we haven't seen a significant increase in the number of people affected," Weinstein said.

The virus is written in Visual Basic 5, and first appeared in a slightly different form in January of 2000. As with other viruses, hackers have since played with the virus code to create new strains, trying to stay one step ahead of antivirus programs that detect it.

"As we've been tracking it over the past few months we have watched this thing increase in activity," Goostree said. "In the last 30 days we've watched it increase 100%, so we said, 'OK, we need to talk to AOL and get this thing wiped out.'"

AOL responded well, she said, and the ISP has been pointing members to a McAfee.com Web site where users can cleanse their PCs for free.


 RELATED STORIES:
Analysis: Understanding viruses
January 30, 2001
McAfee: No viruses reported during holidays
January 3, 2001
How a computer virus works
October 23, 2000
AOL says hackers may have stolen credit card numbers
June 17, 2000
RELATED IDG.net STORIES:
Understanding viruses
(SunWorld)
Melissa comes to the Mac
(Macworld)
Revamped Melissa requires antivirus update
(Network World Fusion)
Was there a global youth plot to cripple the Web?
(The Industry Standard)
Users angry at lack of support for Symantec antivirus software
(Computerworld)
McAfee antivirus update gives NT 4.0 the flu
(IDG.net)
What you didn't get for Christmas: viruses
(InfoWorld.com)
Sophos ranks year's ten most troubling viruses
(IDG.net)
RELATED SITES:
McAfee.com
AOL

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
 Search   
Back to the top 
© 2003 Cable News Network LP, LLLP.
A Time Warner Company. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines. Contact us.