Trojan horse gathers user data, e-mails it to China

January 8, 1999
Web posted at: 11:37 a.m. EDT (1137 GMT)

by Kathleen Ohlson

(IDG) -- A malicious computer program called picture.exe has been wreaking havoc among PC users for at least a week, capturing personal information from their hard drives and sending it to an electronic-mail address in China, according to a software security firm.

Users began to notice the program, known as a Trojan horse, last Friday, when they started receiving a flood of spam that continued over the weekend, said Vincent Gullotto, manager of Network Associates Inc.'s antivirus emergency response team. By Monday, the company's call center was deluged with queries about the problem, Gullotto said.

The spam has hit users in many countries and "is [doing] a pretty good job of getting around," Gullotto said.

picture.exe arrives as an e-mail attachment to a spam message and, once opened, drops a file called manager.exe onto a user's PC, Gullotto said. manager.exe then unleashes note.exe, which hooks onto a Windows subdirectory, looks for information on different drives and encrypts it, he said. The next time the PC runs, note.exe creates a list of URLs and manager.exe runs, attempting to send the information to the Chinese e-mail address. Gullotto called it "an elaborate attempt to get information."

Santa Clara, Calif.-based Network Associates will post two detection programs today on its Web site to help users find out if picture.exe is on their PCs. In the meantime, if users receive that file, Gullotto recommends that they delete it. If picture.exe has run, he suggested using an antivirus program to remedy the problem.

While one analyst was surprised at the elaborate tactics of the Trojan horse, he wasn't shocked that something like this had been created. "This kind of stuff is easy to put together with PC-cracking tools from the Internet," said Jim Hurley, an analyst at Aberdeen Group Inc. in Boston.

The best way to stop the attacks "requires a bit of investment" in staffing and training and using network scanning and sniffing tools to ferret out such problems, Hurley said.

© 2000 Cable News Network. All Rights Reserved.