Trojan Horse Masquerades As Kaspersky Anti-Virus
22 Aug 2002
Kaspersky Lab warns computer users of a massive mailing of the Trojan-style malicious program TrojanDownloader.Win32.Apher. Several reports of infection have already been registered.
The Trojan is sent out by an anonymous evildoer using an anonymous e-mail address from a public access e-mail service. The messages themselves have a spoofed address showing the sender as email@example.com. The infected message has the following attributes:
Subject: Protect Your NetWare with Kaspersky Anti-Virus
Kaspersky Lab, an international data-security software developer, announces the official release of Kaspersky Anti-Virus 4.0. "We are pleased to present the latest version of our anti-virus product. The unique technology, updated design, and perfected administering system integrated into Kaspersky Anti-Virus 4.0 is the result of many years of work dedicated to improving the ease of working with the program and increasing computer defense reliability," said Natalya Kaspersky, Kaspersky Lab CEO. The new Kaspersky Anti-Virus version (Personal Pro, Personal, Lite) fully supports the Microsoft Windows XP operating system. Amongst this version's latest innovations are: a complete user interface upgrade corresponding to Tree Chart technology; perfected system installation that allows for saving the configuration of previously installed versions, and a quarantine feature for isolating infected and suspicious objects; expanded treatment of infected archived files; an added function for the treatment of Microsoft Outlook Express and objects upon system start up and also a memory scanning of active applications; and simplified operating features for disk recovery.
If you have any questions
If the attached file is accidentally opened, "Apher" automatically initiates a connection with a remote web site. From this site, a utility enabling the control of the virus "Backdoor.Death.25" is loaded onto the infected machine. In turn, this program permits the evildoer to clandestinely manage an infected computer, to view and send out confidential information, and to create, copy and delete files, in addition to much more.
The defense against "Apher" has already been added to the Kaspersky Anti-Virus database.