Cute.exe Trojan horse attacks through e-mail

News

Cute.exe Trojan horse attacks through e-mail

Network Associates' McAfee.com and Symantec have warned computer users to beware of an e-mail worm that could allow attackers to take over their machines and try to damage firewall and security programs.

Users should look out for an e-mail message with a subject line: "Thoughts..."

Inside, a short note reads: "I just found this program, and, i dont know why... but it reminded me of you. check it out." Inside the message is an attachment called Cute.exe.

Symantec and McAfee.com said the package unleashes a Trojan horse worm that will look for security programs inside a user's machine and attack them. Both companies have labelled the worm a "low" risk and offer instructions on their Web sites on how to remove it.

Symantec and McAfee describe the Trojan as a variant of the "Backdoor.Subseven" Trojan horse. Symantec named the Trojan W32.Tendoolf, while McAfee dubbed it W32/Floodnet@MM.

The program will also allow attackers to do the following:
  • Send instant messages from an infected machine using either MSN Messenger or AOL Instant Messenger

  • Send e-mail

  • Initiate denial-of-service attacks

  • Access, move, copy or delete files

  • Access, move, copy or delete file transfer protocol files


The program will copy itself to the Windows directory and create two registry keys, McAfee.com's statement said. Two INI keys are also created, then the worm looks for E security programs - including antivirus and firewall programs - in memory and terminates them if found.

http://vil.mcafee.com/dispVirus.asp?virus_k=99483#removal_instructions
http://securityresponse.symantec.com/avcenter/venc/data/w32.tendoolf.html

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy