'Cute' Trojan horse attacks through e-mail
- — 09 May, 2002 10:20
A pair of antivirus companies is warning users to look out for an e-mail worm that could allow attackers to take over their machines and try to damage firewall and security programs.
Network Associates' McAfee.com unit and Symantec are both warning computer users to watch out for an e-mail message with a subject line: "Thoughts..."
Inside, users find a short note reading: "I just found this program, and, i dont know why... but it reminded me of you. check it out." Inside the message is an attachment called Cute.exe.
Statements released by both Symantec and McAfee say the package will unleash a Trojan horse worm that will look for security programs inside a user's machine and attack them. Both companies have labeled the worm a "low" risk and offer instructions on their Web sites on how to remove it.
The program will also allow attackers to do the following:
-- Send instant messages from an infected machine using either MSN Messenger or AOL Instant Messanger.
-- Send e-mail.
-- Initiate denial-of-service attacks.
-- Access, move, copy or delete files.
-- Access, move, copy or delete file transfer protocol files.
The program will copy itself to the Windows directory and create two registry keys, according to McAfee's statement. Two INI keys are also created. Then "the worm looks for E security programs (including antivirus and firewall programs) in memory and terminates them if found," the statement said.