The "Webber" Trojan Program Turns Computers Into Spam Machines

16 Jul 2003
Virus News


Kaspersky Lab, an international data security software developer, reports the mass mailing of the new Trojan program "Webber" (aka "Heloc"). Kaspersky Lab has already registered numerous reports of encounters with this malicious program. "Webber" does its harm by installing a proxy server through which evildoers can perform distributed mass mailings of any data using the resources of infected machines. This past week Kaspersky Lab has already detected three Trojan programs of this type.

"In essence, we have a situation involving the creation of an illegal, extended network that is being exploited by hackers to mass mail spam using the resources of victim computers," commented Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Lab. "What is most troublesome is that this network can also be abused to achieve virtually any goal, including conducting hacker attacks on a global scale and DDoS attacks on the Web resources of large corporations or government institutions."

"Webber" was spread over the Internet via a mass mailing conducted on July 16, 2003. The message containing "Webber" has the subject line "Re: Your credit application", body text in English, and a file attachment named "web.da.us.citi.heloc.pif". This file name resembles a Web address and can therefore confuse users, leading them to execute the infected file.

Once run, "Webber" clandestinely downloads its additional components from a remote Web server and installs them on the now infected computer. Collateral damage attributed to this Trojan includes sending to its "master" (the hacker controlling the Trojan) a list of passwords dug out of a victim machine's cache memory.

Protection against this malicious program has already been added to the Kaspersky Anti-Virus database. A more detailed description of Webber is available in the Kaspersky Virus Encyclopedia.
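The attachment name described above can be caught at a mail gateway by checking for an executable extension behind a name shaped like a Web address. The following is an added example, not Kaspersky Lab's detection logic; the extension list, function names, sender and recipient addresses, and the second attachment are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs directly (assumed list); .pif is the one this mailing used.
EXECUTABLE_EXTS = {"pif", "exe", "scr", "com", "bat", "cmd"}
LABEL = re.compile(r"^[a-z0-9-]{1,63}$", re.IGNORECASE)


def classify_filename(name: str) -> list[str]:
    """Return the reasons an attachment name is suspicious (empty if none)."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    parts = name.strip().rstrip(". ").split(".")
    if len(parts) < 2 or parts[-1].lower() not in EXECUTABLE_EXTS:
        return []
    reasons = [f"executable extension .{parts[-1].lower()}"]
    stem = parts[:-1]
    # Two or more host-style labels before the extension read like a Web address.
    if len(stem) >= 2 and all(LABEL.match(p) for p in stem):
        reasons.append("name imitates a Web address")
    return reasons


def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Map each suspicious attachment name in a raw message to its reasons."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reasons = classify_filename(name)
        if reasons:
            findings[name] = reasons
    return findings


def build_sample() -> bytes:
    """Constructed message reusing the subject and attachment name from the report."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Re: Your credit application"
    msg.set_content("Constructed body text.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="web.da.us.citi.heloc.pif")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="pdf", filename="statement.2003.07.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(name, "->", "; ".join(reasons))
```

The multi-dot PDF in the sample is not flagged, because the check keys on the final extension rather than on the number of dots in the name.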