[ISN] Trojan Horse Making Its Way Into Windows Systems

From: InfoSec News (isn@private)
Date: Tue Nov 25 2003 - 23:43:16 PST

    By Dennis Fisher
    November 25, 2003

    A new Trojan horse hidden in an e-mail purported to be carrying
    pornographic pictures is beginning to make the rounds on the Internet.
    The Trojan is known as Sysbug and provides its creator with a backdoor
    into infected systems running versions of Windows from 95 through XP.
    It copies itself to the Windows installation folder and also adds a
    new registry entry that ensures the Trojan will run every time the PC
    starts up.

    Once resident on a computer, Sysbug is capable of copying a variety of
    data about the machine and sending it back to its creator, according
    to Sophos Inc., an anti-virus company based in Lynnfield, Mass. The
    Trojan gathers data on e-mail accounts and remote access accounts,
    then opens TCP port 5555 and listens for commands from its author.

    The Trojan arrives in an e-mail with an attachment that is zipped and
    contains an executable. The e-mail begins:

    "Hello my dear Mary,
    I have been thinking about you all night. I would like to apologize
    for the other night when "

    The message then goes into more explicit detail.

    The e-mail comes from james2003@private and the subject line says
    "Re[2]: Mary."
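
The delivery method described above (a zipped attachment that contains an executable) is something a mail gateway can check for by content rather than by sender or subject, which are trivially changed. The following is an added example, not part of the original article or of any vendor's product; the extension list, function names and sample addresses are assumptions, and the sample message is constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed list of extensions Windows will execute directly; adjust to local policy.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")


def zipped_executables(raw_message: bytes) -> list[str]:
    """Return the names of executable members inside any zip attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Identify zips by content, not by the attachment's declared name or type.
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            continue  # truncated or malformed archive: nothing to list
        hits += [n for n in names if n.lower().endswith(EXECUTABLE_EXTS)]
    return hits


def build_sample(member_name: str) -> bytes:
    """Constructed test message: one zip attachment with one harmless member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder bytes, not a real program")
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body")
    # Deliberately misleading attachment name: the check must not rely on it.
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="attachment.dat")
    return msg.as_bytes()


if __name__ == "__main__":
    print(zipped_executables(build_sample("photos.exe")))
```

A gateway would quarantine or strip any message for which this returns a non-empty list; password-protected zips still list their member names, so the check applies to them as well.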
    ISN is currently hosted by Attrition.org