Name: Troj/DSS-A Type: Trojan Date: 10 June 2002 At the time of writing Sophos has received no reports from users affected by this Trojan. However, we have issued this advisory following enquiries to our support department from customers. Note: Sophos has been capable of protecting against Troj/DSS-A since the June 2002 (3.5 release of Sophos Anti-Virus. This updated IDE enhances detection of Troj/DSS-A. Sophos recommends customers install this IDE onto their computer systems. Description: Troj/DSS-A is a Trojan which drops the file INDEX.HTM into the Windows Temp folder. The Trojan then opens this file in a hidden browser window. INDEX.HTM contains an HTML script which attempts to connect to a web site about twenty minutes after opening. The web site contains an advertisement for a web site with pornographic content and may attempt to drop a dialler program onto the user's computer. The behaviour of Troj/DSS-A may be altered dynamically by changing the contents of the web page to which it connects. The Trojan file is likely to arrive in an email as an attachment called OPENME.EXE. Read the analysis at http://www.sophos.com/virusinfo/analyses/trojdssa.html