Cute.exe Trojan horse attacks through e-mail

Network Associates' and Symantec have warned computer users to beware of an e-mail worm that could allow attackers to take over their machines and try to damage firewall and security programs.

Users should look out for an e-mail message with a subject line: "Thoughts..."

Inside, a short note reads: "I just found this program, and, i dont know why... but it reminded me of you. check it out." Inside the message is an attachment called Cute.exe.

Symantec and said the package unleashes a Trojan horse worm that will look for security programs inside a user's machine and attack them. Both companies have labelled the worm a "low" risk and offer instructions on their Web sites on how to remove it.

Symantec and McAfee describe the Trojan as a variant of the "Backdoor.Subseven" Trojan horse. Symantec named the Trojan W32.Tendoolf, while McAfee dubbed it W32/Floodnet@MM.

The program will also allow attackers to do the following:
  • Send instant messages from an infected machine using either MSN Messenger or AOL Instant Messenger

  • Send e-mail

  • Initiate denial-of-service attacks

  • Access, move, copy or delete files

  • Access, move, copy or delete file transfer protocol files

The program will copy itself to the Windows directory and create two registry keys,'s statement said. Two INI keys are also created, then the worm looks for E security programs - including antivirus and firewall programs - in memory and terminates them if found.

COMMENTS powered by Disqus  //  Commenting policy