Trojan horse gathers user data, e-mails it to China


January 8, 1999
Web posted at: 11:37 a.m. EDT (1137 GMT)

by Kathleen Ohlson

(IDG) -- A malicious computer program called picture.exe has been wreaking havoc among PC users for at least a week, capturing personal information from their hard drives and sending it to an electronic-mail address in China, according to a software security firm.



Users began to notice the program, known as a Trojan horse, last Friday, when they started receiving a flood of spam that continued over the weekend, said Vincent Gullotto, manager of Network Associates Inc.'s antivirus emergency response team. By Monday, the company's call center was deluged with queries about the problem, Gullotto said.

The spam has hit users in many countries and "is [doing] a pretty good job of getting around," Gullotto said.

picture.exe arrives as an e-mail attachment to a spam message and, once opened, drops a file called manager.exe onto a user's PC, Gullotto said. manager.exe then unleashes note.exe, which hooks onto a Windows subdirectory, looks for information on different drives and encrypts it, he said. The next time the PC runs, note.exe creates a list of URLs and manager.exe runs, attempting to send the information to the Chinese e-mail address. Gullotto called it "an elaborate attempt to get information."

Santa Clara, Calif.-based Network Associates will post two detection programs today on its Web site to help users find out if picture.exe is on their PCs. In the meantime, if users receive that file, Gullotto recommends that they delete it. If picture.exe has run, he suggested using an antivirus program to remedy the problem.

While one analyst was surprised at the elaborate tactics of the Trojan horse, he wasn't shocked that something like this had been created. "This kind of stuff is easy to put together with PC-cracking tools from the Internet," said Jim Hurley, an analyst at Aberdeen Group Inc. in Boston.

The best way to stop the attacks "requires a bit of investment" in staffing and training and using network scanning and sniffing tools to ferret out such problems, Hurley said.

© 2000 Cable News Network. All Rights Reserved.