发信人: fzb()
整理人: emil(1999-09-20 09:44:25), 站内信件
|
Trojan horse steals AOL passwords, URLs
By Paul Festa
Staff Writer, CNET News.com
January 7, 1999, 12:30 p.m. PT
A new email attachment making its way around the spam circuit
is swiping recipients' user names and passwords and sending
them to a Chinese email address.
The Trojan horse, named "picture.exe," is collecting Web browser
histories as well as America Online user names and passwords
from hard drives, according to security firm Network Associates
and recipients of the attachment.
While the Trojan horse is unusual for the amount and variety of
information it steals, Network Associates warns that it joins
a crowded field of similar email menaces.
"There are hundreds of these kinds of AOL password-stealing
Trojans," said Vincent Gullotto, manager of Network Associates'
Antivirus Emergency Response Team, or AVERT, which is part of
the company's McAfee unit.
Indeed, password-stealing has long been a problem for AOL
and other password-protected services. The online giant has
gone to some lengths to educate users about the hazards of
opening attachments from unfamiliar sources.
A Trojan horse is a program that works in a way that the
user does not expect it to. It differs from a virus in that
it does not replicate itself.
This Trojan, which Network Associates has dubbed "URLsnoop,"
adds a file called "note.exe" or "picture.exe" to the run line
of the "win.ini" file of the Windows subdirectory. That allows
the executable to run the next time the computer is started.
Next, the Trojan horse builds lists of all the .txt and .html
files on the user's hard drive, along with all the URLs found
in the Internet cache. It then adds that list to a .dat
(for data) file and encrypts the data.
If the user has AOL software installed, the program will collect
the user name and password.
Once all this information is compiled, the program sends it to
an email address in China.
Gullotto said that his team had received numerous reports of
"URLsnoop" taking hold during the past week, and that
Network Associates' UK division has been fielding reports
as well. Network Associates now checks for the Trojan in
all of its programs, he said.
It isn't yet clear how successful the program has been in
delivering the goods back to its author, according to Gullotto.
"The seriousness of it will depend on whether it succeeds
in sending the data," he said, pointing out that the program
could glean other user names and passwords from the .html
files it swipes.
On online discussion forums related to computer security,
participants have been warning each other about the program
menace for the past week.
"You could do like I do," advised one poster to "mn.general."
"Don't open or download files emailed to you by people or
email addresses that you do not know."
--
※ 来源:.网易 BBS bbs.netease.com.[FROM: max1-105.guangzhou.g]
|
|