Information Security News mailing list archives

Computer virus targets Swiss bank


From: William Knowles <wk () C4I ORG>
Date: Thu, 17 Aug 2000 04:09:49 -0500

http://news.cnet.com/news/0-1005-200-2540566.html?tag=st.ne.1002.thed.ni

By The Associated Press
Special to CNET News.com
August 16, 2000, 9:00 p.m. PT

WASHINGTON -- A new strain of the "Love Letter" computer virus is
targeting customers of a Swiss bank, stealing their account
information and sending it off to the virus writer, U.S. computer
security companies said today.

The virus, known as "VBS/Loveletter.bd," is a variant of the original
"Love Letter" virus that circulated in May, and many versions have
been created using the original as a template.

This new strain replicates itself using Microsoft's Outlook email
program and includes a resume. A previous "Love Letter" version had a
resume as well, of a Filipino student. The new resume is in German and
represents a job applicant in Zurich, Switzerland.

The worst part of the virus payload is new to "Love Letter." The virus
downloads a password-stealing program that copies online banking
information--for the United Bank of Switzerland--off the infected
computer.

Experts got the first infection reports this morning, and all said
that the virus was not yet widespread. Because of its narrow focus,
experts believe the virus won't spread very far, but that it is a
"proof of concept" for future viruses targeting customers of any bank.

"I'm a bit concerned that it may be all too easy," said Roger
Thompson, a security expert for Carlisle, Pa.-based ICSA.net. "If not
the banks, the investment account aggregators" could be targeted.

Due to the time zones, representatives for the United Bank of
Switzerland could not be contacted--though experts did say that
authorities in Europe were investigating the matter.

The virus downloads the password-stealer, called "Hooker," from one of
several computers on the Internet. A Kaspersky Labs spokesman, Denis
Zenkin, said that among the possible download sites are computers at
Michigan State University and the National Institutes of Health.
Kaspersky Labs believes that the hacker placed the password-stealer
there, in an area exposed to the public, for future access.

Messages left at Michigan State and NIH were not immediately returned.


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen. Alfred M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com