Trojan poses as movie clip of London blasts

Posted on Friday, Jul 08 2005 @ 19:35 CEST by Thomas De Maesschalck
MessageLabs have detected a Trojan posing as a movie clip of yesterday's terrorist attack in London. The email containing this Trojan has been crafted so that it appears to be a CNN Newsletter which asks you to 'See attachments for unique amateur videoshots'.

When executed the attachment copies itself to %Windir%winlog.exe and modifies the Windows registry key 'HKLM/Software/microsoft/Windows/CurrentVersion/Run' so that it runs automatically on system start-up. The Trojan then attempts to obtain a list of the SMTP servers that your machine is configured to use and starts to use these servers to send large volumes of unsolicited mail.

Email characteristics:
Sender address: breakingnews@cnnonline.com
Email subject: TERROR HITS LONDON
Filename: 'London Terror Moovie.avi <124 spaces> Checked By Norton Antivirus.exe'


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments