The "Webber" Trojan Turns Computers Into Spam Machines

Discussion in 'malware problems & news' started by FanJ, Jul 16, 2003.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Kaspersky:

    The "Webber" Trojan Turns Computers Into Spam Machines.

    Kaspersky Labs reports the mass mailing of the new trojan program
    "Webber" (aka "Heloc").

    Webber does its harm by installing a proxy server by which evildoers can
    send out any data held on infected machines. This past week Kaspersky
    Labs detected three Trojan programs of this type.

    "In essence, we have a situation involving the creation of an illegal,
    extended network that is being exploited by hackers to mass mail spam
    using the resources of victim computers, " commented Eugene Kaspersky,
    Head of Anti-Virus Research at Kaspersky Labs. "What is most troublesome
    is that this network can also be abused to achieve virtually any goal,
    including conducting hacker attacks on a global scale and DDos attacks
    on the Web resources of large corporations or government institutions."

    Webber was spread over the Internet via a mass mailing conducted on July
    16, 2003. The message containing Webber has the following subject line:
    "Re: Your credit application", and a file attachment named
    "web.da.us.citi.heloc.pif". This file name is similar to a Web address
    and therefore can at times confuse users and lead them to execute the
    infected file. Once run, Webber clandestinely downloads its additional
    components from a remote Web-server and installs them on the now
    infected computer. Collateral damage attributed to this trojan includes
    sending to its "master" (hacker controlling the trojan) a list of
    passwords dug out of a victim machine's cache memory.

    The defense against this malicious program has already been added to the
    Kaspersky Anti-Virus database.

    For a more detailed description of Webber please go to the Kaspersky
    Virus Encyclopedia at:
    http://www.viruslist.com/eng/viruslist.html?id=61335
     
  2. FanJ

    FanJ Guest

Loading...
Thread Status:
Not open for further replies.