Information Security News mailing list archives

Trojan Horse Making Its Way Into Windows Systems


From: InfoSec News <isn () c4i org>
Date: Wed, 26 Nov 2003 01:43:16 -0600 (CST)

http://www.eweek.com/article2/0,4149,1396774,00.asp

By Dennis Fisher 
November 25, 2003   
 
A new Trojan horse hidden in an e-mail purported to be carrying
pornographic pictures is beginning to make the rounds on the Internet.

The Trojan is known as Sysbug and provides its creator with a backdoor
into infected systems running versions of Windows from 95 through XP.  
It copies itself to the Windows installation folder and also adds a
new registry entry that ensures the Trojan will run every time the PC
starts up.

Once resident on a computer, Sysbug is capable of copying a variety of
data about the machine and sending it back to its creator, according
to Sophos Inc., an anti-virus company based in Lynnfield, Mass. The
Trojan gathers data on e-mail accounts and remote access accounts,
then opens TCP port 5555 and listens for commands from its author.

The Trojan arrives in an e-mail with an attachment that is zipped and
contains an executable. The e-mail begins:

"Hello my dear Mary,

I have been thinking about you all night. I would like to apologize
for the other night when …"

The message then goes into more explicit detail.

The e-mail comes from james2003 () hotmail com and the subject line says
"Re[2]: Mary."


