News: Beware The Trojan

By | July 17, 2003
 I got my first password stealing trojan yesterday. My, they’re good. I’ve never shopped at Citibank (sorry, Ditta) but for a moment I thought that maybe I had . This was what the email looked like:
Dear sir,
Thank you for your online application for a Citibank Home Equity Loan. In order to be approved for any loan application we pull your Credit Profile and Chexsystems information, which didn’t satisfy our minimum needs. Consequently, we regret to say that we cannot approve you for Citibank Home Equity Loan at this time.
*Attached are copy of your Credit Profile and Your Application that you submitted with us. Please take a close look at it, you will receive hard copy by mail withing next few days.
The email came with all the right headers, and my virus checker didn’t notice anything wrong, but the folks at Sophos have identified the attachment as a two component backdoor Trojan, specifically, Troj/Webber-A. The first bit attempts to connect to, download a file to rtdx32.exe in the Windows system folder and execute it. The second bit is a password stealing Trojan that attempts to extract sensitive information from several locations on the system and sends them to CGI scripts at Yuck. Beware.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.