Spyware, Viruses, & Security forum

General discussion

News - October 6, 2004

New trojan is adware killer
But there's a downside as well.

A new Trojan horse program that attacks and removes adware, is circulating on the Internet, according to anti-virus company Symantec.

The program, called Downloader.Lunii, was discovered on Monday. When run, it attempts to kill off computer processes and delete files used by common adware programs like Powerscan and BargainBuddy. However, Lunii is not entirely benevolent. Like other Trojan horses, it also modifies the configuration of Microsoft Windows machines and attempts to download files from a remote location, Symantec warned.

Lunii works by halting Windows processes that adware programs use to communicate and by removing known adware programs from systems it infects. The Trojan program also modifies a Windows file called the "hosts" file, inserting its own list of bogus Web sites, which may block access to certain Web pages, Symantec said.

Lunii was rated a low threat by Symantec, which has released an anti-virus signature to detect the Trojan on Monday.


Discussion is locked
You are posting a reply to: News - October 6, 2004
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: News - October 6, 2004
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Anti-Phishing: Citibank - 'RESERVE'

In reply to: News - October 6, 2004

Email title: 'RESERVE', or 'NOTE! Citibank account suspend in process'
Scam target: Citibank customers
Email format: HTML e-mail
Sender: support @ citibank.com
Sender spoofed? Yes
Scam call to action: 'Recently there have been a large number of cyber attacks pointing our database servers. In order to safeguard your account, we require you to sign on immediately... This personal check is requested of you as a precautionary measure...Please use our secure counter server to indicate that you have signed on, please click the link bellow...'
Scam goal: Getting victim's citibank.com username/password, credit card information
Call to action format: URL link
Visible link: h++p://, or
Called link : h++p://, or
Phish website hosted on :, Probably on other hosts, too


This attack is being spreaded really widely. It follows an attack using the same technique - a new one to phishing, which allows for a very dangerous scam. This time though, significant phish clues are left 'uncovered'. First, the e-mail:

See sample image in Anti-Phishing.org

As you see, the e-mail does not bear any Citi corporate signs. And though the sender is spoofed, the link is unmasked and it is highly suspicious.


Collapse -
New virus can use your PC to make expensive calls

In reply to: News - October 6, 2004

"Called 'rogue diallers' or 'modem hijackers', a new breed of Trojan Horses computer viruses can secretly infect your PC and make long distance telephone calls without your knowledge" says Reinhardt Buys of IT law firm Buys Inc. "Since July 2004, these 'rogue diallers' have literally taken the world by storm".

In recent weeks the UK telephone regulator has been contacted by thousands of consumers complaining that their phone bills include expensive calls to premium rate numbers that they did not call and officials at the British Department of Trade and Industry are trying to clamp down on the problem.

During August 2004, a 'rogue dialler' ran up charges of more than US$500 by making just six calls from an American victim’s computer.

More info in http://www.sabcnews.com/sci_tech/telecomms/0,2172,89253,00.html

Collapse -
Adobe does document security

In reply to: News - October 6, 2004

Electronic document giant Adobe said that it was partnering with digital certificate company GeoTrust to provide technology that will allow documents that use Adobe's popular PDF to be digitally certified.

Tuesday, the companies issued a joint statement to announce a document signing service that pairs GeoTrust's True Credentials digital signing technology with Adobe's Acrobat document security software. The new service will make it possible for organizations to verify the authenticity of a document using a digital certificate, which the companies claim will help fight online fraud such as phishing scans and online identity theft.


Collapse -
Spammers use 'opt-out' to install Trojan

In reply to: News - October 6, 2004

MessageLabs has warned that spammers could take over PCs through malware installed when a user tries to opt out of junk email

MessageLabs said that by clicking on the "click here to remove" link the user is directed to a Web page that "triggers an attempt to download malicious code onto computers". The company adds that once spammers are loaded in the users PC they can upload new Trojans "at any time".


Collapse -
Related: Click here to become infected (Part 2)

In reply to: Spammers use 'opt-out' to install Trojan

Collapse -
Anti-Virus Program Detects GNU Public Licence

In reply to: News - October 6, 2004

POPULAR OPEN SOURCE virus scanner Clamav has been hastily updated this morning to remove a 'false positive': the scanner was detecting the GNU Public Licence as a virus. Thousands of Open Source programs, including Clamav itself, include a copy of this licence, and since it is a plain text file it is incapable of containing a virus.


Collapse -
F-Secure: Critical vulnerability in MS Windows may escalate

In reply to: News - October 6, 2004

Popular Forums

Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


This one tip will help you sleep better tonight

A few seconds are all you need to get a better night's rest.