For those of you who filter on body/subject. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of InfoSec News Sent: Wednesday, November 26, 2003 9:43 AM To: [EMAIL PROTECTED] Subject: [ISN] Trojan Horse Making Its Way Into Windows Systems
http://www.eweek.com/article2/0,4149,1396774,00.asp By Dennis Fisher November 25, 2003 A new Trojan horse hidden in an e-mail purported to be carrying pornographic pictures is beginning to make the rounds on the Internet. The Trojan is known as Sysbug and provides its creator with a backdoor into infected systems running versions of Windows from 95 through XP. It copies itself to the Windows installation folder and also adds a new registry entry that ensures the Trojan will run every time the PC starts up. Once resident on a computer, Sysbug is capable of copying a variety of data about the machine and sending it back to its creator, according to Sophos Inc., an anti-virus company based in Lynnfield, Mass. The Trojan gathers data on e-mail accounts and remote access accounts, then opens TCP port 5555 and listens for commands from its author. The Trojan arrives in an e-mail with an attachment that is zipped and contains an executable. The e-mail begins: "Hello my dear Mary, I have been thinking about you all night. I would like to apologize for the other night when ." The message then goes into more explicit detail. The e-mail comes from [EMAIL PROTECTED] and the subject line says "Re[2]: Mary." - ISN is currently hosted by Attrition.org To unsubscribe email [EMAIL PROTECTED] with 'unsubscribe isn' in the BODY of the mail. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.