The "Webber" Trojan Turns Computers Into Spam Machines

Kaspersky:

The "Webber" Trojan Turns Computers Into Spam Machines.

Kaspersky Labs reports the mass mailing of the new trojan program
"Webber" (aka "Heloc").

Webber does its harm by installing a proxy server by which evildoers can
send out any data held on infected machines. This past week Kaspersky
Labs detected three Trojan programs of this type.

"In essence, we have a situation involving the creation of an illegal,
extended network that is being exploited by hackers to mass mail spam
using the resources of victim computers, " commented Eugene Kaspersky,
Head of Anti-Virus Research at Kaspersky Labs. "What is most troublesome
is that this network can also be abused to achieve virtually any goal,
including conducting hacker attacks on a global scale and DDos attacks
on the Web resources of large corporations or government institutions."

Webber was spread over the Internet via a mass mailing conducted on July
16, 2003. The message containing Webber has the following subject line:
"Re: Your credit application", and a file attachment named
"web.da.us.citi.heloc.pif". This file name is similar to a Web address
and therefore can at times confuse users and lead them to execute the
infected file. Once run, Webber clandestinely downloads its additional
components from a remote Web-server and installs them on the now
infected computer. Collateral damage attributed to this trojan includes
sending to its "master" (hacker controlling the trojan) a list of
passwords dug out of a victim machine's cache memory.

The defense against this malicious program has already been added to the
Kaspersky Anti-Virus database.

For a more detailed description of Webber please go to the Kaspersky
Virus Encyclopedia at:
http://www.viruslist.com/eng/viruslist.html?id=61335

 

Sophos:

http://www.sophos.com/virusinfo/analyses/trojwebbera.html