ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security threats Toolkit

Email from 'Citibank' conceals Trojan

Staff CNETAsia

Published: 12 Nov 2003 11:30 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

An email purporting to be from Citibank carries a Trojan virus that plants a back door on an infected computer, allowing a hacker to use the machine as a channel for other activities on the Internet.

Email-security company MessageLabs on Wednesday afternoon reported the new email virus, which has been dubbed Troj/Downloader!4c52 or Downloader-DI.

The first copies of the email have come from Australia, with more than 400 copies spotted so far, according to the company.

The attachment is named www.citybankhomeloan.htm.pif. Once clicked, the Trojan attempts to download a further component from a free hosting website located in Russia.

After activation, this Trojan copies itself to the Windows System folder and installs a .DLL file, which enables the Trojan to acts as a proxy server, allowing a hacker to channel Internet activities through the infected computer without the recipient's knowledge, according to MessageLabs.

The channel between the remote computer and the infected computer is encrypted.

Any activity that the hacker carries out on the Internet, if traced back, will show the address of the infected PC.

The Trojan arrives as an attachment to an email that seemed to have been spammed from a number of different IP addresses around the world.

The attachment has a double extension ending in .htm.pif. The sender's email address is forged, and does not indicate the true identity of the sender, said MessageLabs.

The message contains:

From: "Account Manager"
Subject: Re: Your credit application
Text:
Dear Sir!|
Thank you for your online application for a Home Equity Loan.
In order to be approved for any loan application we pull your Credit Profile and Chexsystems information, which didn't satisfy our minimum needs. Consequently, we regret to say that we cannot approve you for Home Equity Loan at this time.
*Attached are copy of your Credit Profile and Your Application that you submitted with us. Please take a close look at it, you will receive hard copy by mail withing [sic] next few days.

As of Wednesday afternoon, CNETAsia has not received alerts about the virus from other security companies.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with HP

Did you find this article useful?
61 out of 114 people found this useful


Talkback

Post a comment


Full Talkback thread

1 comment

  1. I am a novice when it comes to Trojan horses, but... Anonymous

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:



Related Jobs

Java Developer with C++ - Equity Derivatives - Front Office Trading

One of the world's leading international investment banks is currently looking for a core Java developer with strong experience of C++ development to ...

Business Analyst - Equity Derivatives Technology / Front Office

International Investment Bank based in the City are currently looking for a Business Analyst to join a small team working across a range of projects ...

Equity Partner Top Accounting Practice, North London. Basic 400k+

My client a well-known top 30 practice is looking for a top end partner to take over an equity partner position post his approaching retirement. My ...

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers

Sentry Posts Blog

Mobile Linux Better For Mobile Busines...

Mobile Linux Better For Mobile Business Apps? Author: Eric Everson, MyMobiSafe.com As mobile Linux is carving it’s footprint on the future of mobile application development, the... More

Post a comment

DWP downplays security breach

The Department for Work and Pensions (DWP) has admitted that some of its staff have been forwarding passwords with password protected material. An email that was leaked on the 'Dizzy... More

Post a comment

How many headshots does one chairperso...

We got a strange request last week from the head of PR from Russian security experts Kaspersky. It seems although the company was very happy with the interview we recently carried with... More

Post a comment

Featured Talkback

On the contrary, if vendors were forced to stand behind their products it should increase innovation. It would force more, and better , testing before hitting the sales floor, resulting in fewer updates and less downtime for the consumer. At present the EULA removes responsibility from the vendor, and moves it to the user, which is a step backward. Make the vendor responsibility for their code.

By: ator1940

Read full story:
RSA: Vendor liability may stifle innovation