> --- Michael Quack <[EMAIL PROTECTED]> wrote:
>>> In direct reply to my posting regarding softboxes
>>> I received two messages by J.Gense <[EMAIL PROTECTED]>
>>> with a trojan and a program call attached trying to
>>> damage my data.
>>>
I can verify this as I received two emails today from J.Gense with trojans
attached.
Just dumped the first one, so I don't remember its name, but the second was
"W32.Badtrans.13312@mm" as identified by NAV before quarantine.
The following information is from Symantec's web site. Looks like it *could* be
unintentional in the sense that J.Gense may not know his email program is
sending this out. (possibly)
=========================================
Payload:
Large scale e-mailing: It replies to all unread messages in the message folders
within the default MAPI email program.
Compromises security settings: It drops a backdoor Trojan.
Technical description:
When the worm is executed, it drops the backdoor Trojan Hkk32.exe in the
\Windows folder, and then executes it. It then copies itself into the Windows
folder as inetd.exe, adds a run= line to the Win.ini, and displays the following
message:
The next time that the computer is rebooted, the worm will wait for 5 minutes,
then it will use MAPI to find all unread email messages and reply to all of
them. The worm will attach itself to the email, using one of the following file
names:
Pics.ZIP.scr
images.pif
README.TXT.pif
New_Napster_Site.DOC.scr
news_doc.scr
hamster.ZIP.scr
YOU_are_FAT!.TXT.pif
searchURL.scr
SETUP.pif
Card.pif
Me_nude.AVI.pif
Sorry_about_yesterday.DOC.pif
s3msong.MP3.pif
docs.scr
Humor.TXT.pif
fun.pif
--
if everything is going right....you've missed something.
*
****
*******
***********************************************************
* For list instructions, including unsubscribe, see:
* http://www.a1.nl/phomepag/markerink/eos_list.htm
***********************************************************
