Photo with Trojan

September 10, 2002

A Trojan has been detected, in a commercial product for processing graphic software, that destroys files on the Windows system directory Kaspersky Labs reports the detection of a Trojan horse, FireAnvil, embedded in a commercial product from US company, Firehand Technologies Corporation.

A Trojan has been detected, in a commercial product for processing graphic software, that destroys files on the Windows system directory Kaspersky Lab reports the detection of a Trojan horse, FireAnvil, embedded in a commercial product from US company, Firehand Technologies Corporation. "Firehand Ember Millennium" is a software program for viewing and editing graphic files and is sold via Internet on the site www.firehand.com. Trojan subprograms have been detected in two files of the product:

Ember32.exe - the main file of the product fireutil.dll - library

The program is activated when the text "czy czy" is entered in the field "Registered User ID".

Registered User ID: [_________]
Registration Key: [_________]

As the Trojan program is activated the following message is displayed:

CrAcKiNg SoFtWaRe! PlEaSe WaIt!

Then FireAnvil searches for the Windows system directory and writes the following text into the registry of all of the files within the directory:

CzY CrAcKiNg CrUe! We CrACk EvErYtHiNg!

As a result of the program's destructive function, when activated, all of the files of the Windows system directory are destroyed with no possibility of restoring them. "Unfortunately, this is not the only instance where a software product has been marketed without checking it thoroughly for hidden "trojans". On the other hand, this is additional proof for the perfidy of the latest generation malware, which is sometimes very hard to detect. Hopefully, this incident will force all software developers to pay more attention to the security problems of their users," says Eugene Kaspersky, Head of Anti-Virus Research of Kaspersky Lab. Protection procedures against FireAnvil have been added to the Kaspersky Anti-Virus data bases.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Photo with Trojan

Photo with Trojan

About Kaspersky

Related Articles Press Releases

Dangerous Loki backdoor discovered: Kaspersky experts identify agent in Russian company cyberattacks

DIY Ransomware: novice cybercriminals bigger threat thanks to off-the-shelf code

Kaspersky identifies new APT group targeting Russian government entities

SMB cyber infections rising amid resurgence of attacks leveraging Microsoft Excel, Kaspersky reports

Every third cyber incident was due to ransomware, Kaspersky reports

Global mobile banking malware grows 32 percent in 2023

Turkey, Russia, Southeast Asia and Latin America hit by Android threats, Kaspersky identifies

‘Coyote’ ugly: Kaspersky unveils banking trojan targeting over 60 institutions

New cross-platform threats uncovered by Kaspersky

Kaspersky reveals advanced tactics in cyber espionage campaigns using MATA toolset