Sunday, June 25, 2017
  Viruswarn Forums
Subject: Trojan disguises itself as greeting card

Lee Drake
Posts:6

07/05/2007 11:43 AM  

What it is

You may have noticed greeting card invites in your inbox this last week, purporting to be July 4th greetings from people you don’t know, or other greeting cards with a variety of headings and formats.  The thing they all have in common is that the web address you go to on the greeting card is usually just an IP address looking something like:

http://###.##.##.##/?[a long string of characters]

These greeting card invites are enticing you to go to a site which will take advantage of a Windows/Internet Explorer vulnerability to install a Trojan program on your machine.  If you have up-to-date security patches for Windows XP and Internet Explorer, and you have an active, up-to-date virus and spyware blocker, you should not need to worry if you accidentally clicked on one of these. It is a good idea to scan your machine manually for threats, however.

The Storm Trojan is also called Trojan.Peacomm – and has been around since January as an attachment email (an executable program attached to an email).  The program itself is not new; recently, however, there’s been a drastic uptick in the number of attempts to broadcast the software, and the method of installing it by the user visiting an infected website increases the danger of this particular application.

What to do

To avoid the problem, never click on a greeting card link that doesn’t specifically list:

  • The person sending the card – this should be someone you recognize
  • The site the card is sending you to – this should not be an IP address (remember to hover over the name to see where it’s REALLY sending you vs. what it shows in the message), it should be the name of a legitimate card company (Hallmark, Blue Mountain, etc.).
  • Does not have any attachments – greeting cards are never sent as attachments by these companies – they’re always links to sites.

You should also, of course, have up-to-date antivirus/antispyware software on your machine, and you should keep your patches up to date by visiting http://update.microsoft.com/ and be sure to load the new Windows update if you have a “green button” inviting you to do so on this page.

If you did click on it you should update your security software and scan your machine for viruses, just in case.  The Storm Trojan allows a remote person to take over your machine and use it either directly or as part of a botnet to attack other machines.

Further references

Storm Trojan uses July 4th greeting message: http://www.theregister.co.uk/2007/07/04/july_4_storm_trojan/

Symantec threat warning: http://www.symantec.com/outbreak/storm_trojan.html

Trojan Peacomm: building a peer to peer botnet: http://www.symantec.com/enterprise/security_response/weblog/2007/01/trojanpeacomm_building_a_peert.html

Cheers,



http://www.os-cubed.com/
ldrake@os-cubed.com

Lee Drake
OS-Cubed, Inc.
274 North Goodman St. Suite A401
Rochester, NY 14607


Main: 585-756-2444  
Cell: 585-509-0284
Fax: 585-756-2443
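
The link and attachment checks listed in the post above can be run automatically against a saved message. The following is an added example, not part of the original post: the allowlist of card domains, the function names and the sample message are assumptions made for illustration, and the "sender you recognize" check is left out because it needs an address book.

```python
import ipaddress
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist for illustration; the post names Hallmark and Blue Mountain.
KNOWN_CARD_DOMAINS = {"hallmark.com", "bluemountain.com"}
# Constructed sample message; 192.0.2.10 is a reserved documentation address.
SAMPLE = 'Content-Type: text/html\n\n<a href="http://192.0.2.10/?abc123">www.hallmark.com</a>\n'

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def is_ip(host):
    try:
        return bool(ipaddress.ip_address(host))
    except ValueError:
        return False

def check_greeting_card(raw):
    """Return warnings for the link and attachment checks in the post."""
    msg = message_from_string(raw, policy=policy.default)
    findings = ["has attachment"] if list(msg.iter_attachments()) else []
    body, parser = msg.get_body(preferencelist=("html",)), LinkCollector()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.links:
        host = host_of(href)
        # "Hover" check: only compare when the visible text looks like a host name.
        shown = host_of(text) if "." in text and " " not in text else ""
        if is_ip(host):
            findings.append(f"link goes to bare IP {host}")
        elif not any(host == d or host.endswith("." + d) for d in KNOWN_CARD_DOMAINS):
            findings.append(f"link host {host} is not a known card site")
        if shown and shown != host:
            findings.append(f"text shows {shown} but link goes to {host}")
    return findings
```

Calling check_greeting_card(SAMPLE) reports both the bare IP address and the mismatch between the displayed name and the real destination.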