Spyware, Viruses, & Security forum

General discussion

News - October 6, 2004

by Donna Buenaventura / October 6, 2004 3:05 AM PDT

New trojan is adware killer
But there's a downside as well.

A new Trojan horse program that attacks and removes adware is circulating on the Internet, according to anti-virus company Symantec.

The program, called Downloader.Lunii, was discovered on Monday. When run, it attempts to kill off computer processes and delete files used by common adware programs like Powerscan and BargainBuddy. However, Lunii is not entirely benevolent. Like other Trojan horses, it also modifies the configuration of Microsoft Windows machines and attempts to download files from a remote location, Symantec warned.

Lunii works by halting Windows processes that adware programs use to communicate and by removing known adware programs from systems it infects. The Trojan program also modifies a Windows file called the "hosts" file, inserting its own list of bogus Web sites, which may block access to certain Web pages, Symantec said.

Lunii was rated a low threat by Symantec, which has released an anti-virus signature to detect the Trojan on Monday.

http://www.techworld.com/security/news/index.cfm?NewsID=2371

Anti-Phishing: Citibank - 'RESERVE'
by Donna Buenaventura / October 6, 2004 3:08 AM PDT
In reply to: News - October 6, 2004

Summary
Email title: 'RESERVE', or 'NOTE! Citibank account suspend in process'
Scam target: Citibank customers
Email format: HTML e-mail
Sender: support @ citibank.com
Sender spoofed? Yes
Scam call to action: 'Recently there have been a large number of cyber attacks pointing our database servers. In order to safeguard your account, we require you to sign on immediately... This personal check is requested of you as a precautionary measure...Please use our secure counter server to indicate that you have signed on, please click the link bellow...'
Scam goal: Getting victim's citibank.com username/password, credit card information
Call to action format: URL link
Visible link: h++p://211.158.34.250/citifi/, or 221.139.2.111/citifi/
Called link : h++p://211.158.34.250/citifi/, or 221.139.2.111/citifi/
Phish website hosted on : 211.158.34.250, 221.139.2.111. Probably on other hosts, too

E-mail

This attack is being spread really widely. It follows an attack using the same technique - a new one to phishing, which allows for a very dangerous scam. This time though, significant phish clues are left 'uncovered'. First, the e-mail:

See sample image in Anti-Phishing.org

As you see, the e-mail does not bear any Citi corporate signs. And though the sender is spoofed, the link is unmasked and it is highly suspicious.

Anti-Phishing.org
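
Added example, not part of the original post or of Anti-Phishing.org's report: a mail-filter style check for the two clues the summary lists, a link whose host is a raw IP address and a link host that does not belong to the claimed sender's domain. The function names and the sample message are assumptions constructed for illustration; the sample uses the TEST-NET address 192.0.2.10 rather than the reported hosts.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):  # gathers the href of every <a> tag
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def phishing_flags(raw_message):
    """Return sorted (href, reason) findings for one RFC 822 message."""
    msg = message_from_string(raw_message)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            collector.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    findings = set()
    for href in collector.hrefs:
        url = urlsplit(href)
        host = (url.hostname or "").lower()
        if not host:
            continue  # relative or non-network link, nothing to compare
        if is_ip_literal(host):
            findings.add((href, "link host is a raw IP address"))
        elif host != sender_domain and not host.endswith("." + sender_domain):
            findings.add((href, "link host is outside the sender's domain"))
    return sorted(findings)

# Constructed sample modelled on the report; 192.0.2.10 is a TEST-NET placeholder.
SAMPLE = (
    "From: support@citibank.com\nSubject: RESERVE\nContent-Type: text/html\n\n"
    '<a href="http://192.0.2.10/citifi/">http://192.0.2.10/citifi/</a>\n'
    '<a href="https://www.citibank.com/help">Help</a>\n'
)
```

The From header is only the claimed sender, so this check catches the mismatch between that claim and the link target; it does not replace sender authentication.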

New virus can use your PC to make expensive calls
by Donna Buenaventura / October 6, 2004 3:15 AM PDT
In reply to: News - October 6, 2004

"Called 'rogue diallers' or 'modem hijackers', a new breed of Trojan Horse computer viruses can secretly infect your PC and make long distance telephone calls without your knowledge," says Reinhardt Buys of IT law firm Buys Inc. "Since July 2004, these 'rogue diallers' have literally taken the world by storm."

In recent weeks the UK telephone regulator has been contacted by thousands of consumers complaining that their phone bills include expensive calls to premium rate numbers that they did not call and officials at the British Department of Trade and Industry are trying to clamp down on the problem.

During August 2004, a 'rogue dialler' ran up charges of more than US$500 by making just six calls from an American victim’s computer.

More info in http://www.sabcnews.com/sci_tech/telecomms/0,2172,89253,00.html

Adobe does document security
by Donna Buenaventura / October 6, 2004 3:17 AM PDT
In reply to: News - October 6, 2004

Electronic document giant Adobe said that it was partnering with digital certificate company GeoTrust to provide technology that will allow documents that use Adobe's popular PDF to be digitally certified.

Tuesday, the companies issued a joint statement to announce a document signing service that pairs GeoTrust's True Credentials digital signing technology with Adobe's Acrobat document security software. The new service will make it possible for organizations to verify the authenticity of a document using a digital certificate, which the companies claim will help fight online fraud such as phishing scams and online identity theft.

http://www.nwfusion.com/news/2004/1005adobedoes.html

Spammers use 'opt-out' to install Trojan
by Donna Buenaventura / October 6, 2004 3:21 AM PDT
In reply to: News - October 6, 2004

MessageLabs has warned that spammers could take over PCs through malware installed when a user tries to opt out of junk email.

MessageLabs said that by clicking on the "click here to remove" link the user is directed to a Web page that "triggers an attempt to download malicious code onto computers". The company adds that once spammers are loaded in the user's PC they can upload new Trojans "at any time".

http://news.zdnet.co.uk/internet/0,39020369,39169061,00.htm

Related: Click here to become infected (Part 2)
by Donna Buenaventura / October 6, 2004 3:24 AM PDT
Anti-Virus Program Detects GNU Public Licence
by Donna Buenaventura / October 6, 2004 3:26 AM PDT
In reply to: News - October 6, 2004

POPULAR OPEN SOURCE virus scanner Clamav has been hastily updated this morning to remove a 'false positive': the scanner was detecting the GNU Public Licence as a virus. Thousands of Open Source programs, including Clamav itself, include a copy of this licence, and since it is a plain text file it is incapable of containing a virus.

http://www.theinquirer.net/?article=18919

F-Secure: Critical vulnerability in MS Windows may escalate
by Donna Buenaventura / October 6, 2004 3:34 AM PDT
In reply to: News - October 6, 2004