Discussion in 'malware problems & news' started by FanJ, Jun 10, 2002.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Name: Troj/DSS-A
    Type: Trojan
    Date: 10 June 2002

    At the time of writing Sophos has received no reports from users
    affected by this Trojan. However, we have issued this advisory
    following enquiries to our support department from customers.

    Note: Sophos has been capable of protecting against Troj/DSS-A
    since the June 2002 (3.5:cool: release of Sophos Anti-Virus. This
    updated IDE enhances detection of Troj/DSS-A. Sophos recommends
    customers install this IDE onto their computer systems.


    Troj/DSS-A is a Trojan which drops the file INDEX.HTM into the
    Windows Temp folder. The Trojan then opens this file in a hidden
    browser window. INDEX.HTM contains an HTML script which attempts
    to connect to a web site about twenty minutes after opening.

    The web site contains an advertisement for a web site with
    pornographic content and may attempt to drop a dialler program
    onto the user's computer.

    The behaviour of Troj/DSS-A may be altered dynamically by
    changing the contents of the web page to which it connects.

    The Trojan file is likely to arrive in an email as an attachment
    called OPENME.EXE.

    Read the analysis at
Thread Status:
Not open for further replies.