Trojan horse gathers user data, e-mails it to China
January 8, 1999
by Kathleen Ohlson
(IDG) -- A malicious computer program called picture.exe has been wreaking havoc among PC users for at least a week, capturing personal information from their hard drives and sending it to an electronic-mail address in China, according to a software security firm.
Users began to notice the program, known as a Trojan horse, last Friday, when they started receiving a flood of spam that continued over the weekend, said Vincent Gullotto, manager of Network Associates Inc.'s antivirus emergency response team. By Monday, the company's call center was deluged with queries about the problem, Gullotto said. The spam has hit users in many countries and "is [doing] a pretty good job of getting around," Gullotto said.
picture.exe arrives as an e-mail attachment to a spam message and, once opened, drops a file called manager.exe onto a user's PC, Gullotto said. manager.exe then unleashes note.exe, which hooks onto a Windows subdirectory, looks for information on different drives and encrypts it, he said. The next time the PC runs, note.exe creates a list of URLs and manager.exe runs, attempting to send the information to the Chinese e-mail address. Gullotto called it "an elaborate attempt to get information."
Santa Clara, Calif.-based Network Associates will post two detection programs today on its Web site to help users find out if picture.exe is on their PCs. In the meantime, if users receive that file, Gullotto recommends that they delete it. If picture.exe has run, he suggested using an antivirus program to remedy the problem.
While one analyst was surprised at the elaborate tactics of the Trojan horse, he wasn't shocked that something like this had been created. "This kind of stuff is easy to put together with PC-cracking tools from the Internet," said Jim Hurley, an analyst at Aberdeen Group Inc. in Boston. The best way to stop the attacks "requires a bit of investment" in staffing and training and using network scanning and sniffing tools to ferret out such problems, Hurley said.
© 2000 Cable News Network. All Rights Reserved.