New User? Need help? Click here to register for free! Registering removes the advertisements.

Computer Cops
image image image image image image image image
Donations
If you found this site helpful, please donate to help keep it online
Don't want to use PayPal? Try our physical address
image
Prime Choice
· Head Lines
· Advisories (All)
· Dnld of the Week!
· CCSP News Ltrs
· Find a Cure!
· Ian T's (AR 23)
· Marcia's (CO8)
· Bill G's (CO11)
· Paul's (AR 5)
· Robin's (AR 2)
· Ian T's Archive
· Marcia's Archive
· Bill G's Archive
· Paul's Archive
· Robin's Archive
image
Security Central
· Home
· Wireless
· Bookmarks
· CLSID
· Columbia
· Community
· Downloads
· Encyclopedia
· Feedback (send)
· Forums
· Gallery
· Giveaways
· HijackThis
· Journal
· Members List
· My Downloads
· PremChat
· Premium
· Private Messages
· Proxomitron
· Quizz
· RegChat
· Reviews
· Google Search
· Sections
· Software
· Statistics
· Stories Archive
· Submit News
· Surveys
· Top
· Topics
· Web Links
· Your Account
image
CCSP Toolkit
· Email Virus Scan
· UDP Port Scanner
· TCP Port Scanner
· Trojan TCP Scan
· Reveal Your IP
· Algorithms
· Whois
· nmap port scanner
· IPs Banned [?]
image
Survey
How much can you give to keep Computer Cops online?
$10 up to $25 per year?
$25 up to $50 per year?
$10 up to $25 per month?
$25 up to $50 per month?
More than $50 per year?
More than $50 per month?
One time only?
Other (please comment)



Results
Polls

Votes: 981
Comments: 19
image
Translate
English German French
Italian Portuguese Spanish
Chinese Greek Russian
image
image trj: Beware!: Email from 'Citibank' conceals Trojan image
Trojans
Email from 'Citibank' conceals Trojan
Staff
CNETAsia

An email purporting to be from Citibank carries a Trojan virus that plants a back door on an infected computer, allowing a hacker to use the machine as a channel for other activities on the Internet.

Email-security company MessageLabs on Wednesday afternoon reported the new email virus, which has been dubbed Troj/Downloader!4c52 or Downloader-DI.

The first copies of the email have come from Australia, with more than 400 copies spotted so far, according to the company.

The attachment is named www.citybankhomeloan.htm.pif. Once clicked, the Trojan attempts to download a further component from a free hosting website located in Russia.

After activation, this Trojan copies itself to the Windows System folder and installs a .DLL file, which enables the Trojan to acts as a proxy server, allowing a hacker to channel Internet activities through the infected computer without the recipient's knowledge, according to MessageLabs.

The channel between the remote computer and the infected computer is encrypted.

Any activity that the hacker carries out on the Internet, if traced back, will show the address of the infected PC.

The Trojan arrives as an attachment to an email that seemed to have been spammed from a number of different IP addresses around the world.

The attachment has a double extension ending in .htm.pif. The sender's email address is forged, and does not indicate the true identity of the sender, said MessageLabs.

The message contains:

From: Account Manager
Subject: Re: Your credit application
Text:
Dear Sir!|
Thank you for your online application for a Home Equity Loan.
In order to be approved for any loan application we pull your Credit Profile and Chexsystems information, which didn't satisfy our minimum needs. Consequently, we regret to say that we cannot approve you for Home Equity Loan at this time.
*Attached are copy of your Credit Profile and Your Application that you submitted with us. Please take a close look at it, you will receive hard copy by mail withing [sic] next few days.

As of Wednesday afternoon, CNETAsia has not received alerts about the virus from other security companies.

ZDN
Posted on Thursday, 13 November 2003 @ 04:50:00 EST by phoenix22
image

 
Login
Nickname

Password
· New User? ·
Click here to create a registered account.
image
Related Links
· TrackBack (0)
· Microsoft
· HotScripts
· W3 Consortium
· Spam Cop
· C|Net News
· ZDNet News
· More about Trojans
· News by phoenix22
Most read story about Trojans:
Lover Spy

image
Article Rating
Average Score: 0
Votes: 0

Please take a second and vote for this article:

Bad
Regular
Good
Very Good
Excellent

image
Options

Printer Friendly Page  Printer Friendly Page
image
"Login" | Login/Create an Account | 0 comments
Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register
Home · Topics · Submit News · Top 10
This entire site, Cops Themes, and Computer Cops are © 2002 - 2004 Computer Cops, LLC. All rights reserved.
You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0.
Acceptable Use Policy. Use signifies your agreement.
Engine Copyright © 2002 by PHP-Nuke, GNU/GPL Licensed. ICRA Member.
Paul Laudanski, Member of Computer Cops, LLC
Server Load: 770 pages served in previous 5 minutes. Page Rendered: 5.235 seconds.