Advertisement
Promo

Security threats Toolkit

Email from 'Citibank' conceals Trojan

Staff CNETAsia

Published: 12 Nov 2003 11:30 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

An email purporting to be from Citibank carries a Trojan virus that plants a back door on an infected computer, allowing a hacker to use the machine as a channel for other activities on the Internet.

Email-security company MessageLabs on Wednesday afternoon reported the new email virus, which has been dubbed Troj/Downloader!4c52 or Downloader-DI.

The first copies of the email have come from Australia, with more than 400 copies spotted so far, according to the company.

The attachment is named www.citybankhomeloan.htm.pif. Once clicked, the Trojan attempts to download a further component from a free hosting website located in Russia.

After activation, this Trojan copies itself to the Windows System folder and installs a .DLL file, which enables the Trojan to acts as a proxy server, allowing a hacker to channel Internet activities through the infected computer without the recipient's knowledge, according to MessageLabs.

The channel between the remote computer and the infected computer is encrypted.

Any activity that the hacker carries out on the Internet, if traced back, will show the address of the infected PC.

The Trojan arrives as an attachment to an email that seemed to have been spammed from a number of different IP addresses around the world.

The attachment has a double extension ending in .htm.pif. The sender's email address is forged, and does not indicate the true identity of the sender, said MessageLabs.

The message contains:

From: "Account Manager"
Subject: Re: Your credit application
Text:
Dear Sir!|
Thank you for your online application for a Home Equity Loan.
In order to be approved for any loan application we pull your Credit Profile and Chexsystems information, which didn't satisfy our minimum needs. Consequently, we regret to say that we cannot approve you for Home Equity Loan at this time.
*Attached are copy of your Credit Profile and Your Application that you submitted with us. Please take a close look at it, you will receive hard copy by mail withing [sic] next few days.

As of Wednesday afternoon, CNETAsia has not received alerts about the virus from other security companies.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
64 out of 118 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

1 comment

  1. I am a novice when it comes to Trojan horses, but... Anonymous

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:



Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

McKinnon lawyers seek judicial review

Lawyers seeking a judicial review for Nasa hacker Gary McKinnon lodged fresh evidence of his psychiatric state at the High Court on Thursday. Karen Todner, McKinnon's solicitor,... More

1 comment

Beware of keeping your head in the clo...

Information security professionals can look forward to a deepening appreciation for their skills as security continues to be recognised as an essential element for doing business in... More

1 comment

Civil liberties groups attack file-sha...

Civil liberties and digital rights organisations have strongly criticised Lord Mandelson's Digital Economy Bill. Liberty said in a position paper on Tuesday that the bill, part of... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters