The "Webber" Trojan Turns Computers Into Spam Machines

Discussion in 'malware problems & news' started by FanJ, Jul 16, 2003.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Kaspersky:

    The "Webber" Trojan Turns Computers Into Spam Machines.

    Kaspersky Labs reports the mass mailing of the new trojan program
    "Webber" (aka "Heloc").

    Webber does its harm by installing a proxy server by which evildoers can
    send out any data held on infected machines. This past week Kaspersky
    Labs detected three Trojan programs of this type.

    "In essence, we have a situation involving the creation of an illegal,
    extended network that is being exploited by hackers to mass mail spam
    using the resources of victim computers, " commented Eugene Kaspersky,
    Head of Anti-Virus Research at Kaspersky Labs. "What is most troublesome
    is that this network can also be abused to achieve virtually any goal,
    including conducting hacker attacks on a global scale and DDos attacks
    on the Web resources of large corporations or government institutions."

    Webber was spread over the Internet via a mass mailing conducted on July
    16, 2003. The message containing Webber has the following subject line:
    "Re: Your credit application", and a file attachment named
    "web.da.us.citi.heloc.pif". This file name is similar to a Web address
    and therefore can at times confuse users and lead them to execute the
    infected file. Once run, Webber clandestinely downloads its additional
    components from a remote Web-server and installs them on the now
    infected computer. Collateral damage attributed to this trojan includes
    sending to its "master" (hacker controlling the trojan) a list of
    passwords dug out of a victim machine's cache memory.

    The defense against this malicious program has already been added to the
    Kaspersky Anti-Virus database.

    For a more detailed description of Webber please go to the Kaspersky
    Virus Encyclopedia at:
    http://www.viruslist.com/eng/viruslist.html?id=61335
     
  2. FanJ

    FanJ Guest

Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.