Ask the Expert

Virus transferred by clicking on a URL

I was in a Yahoo chat room and clicked on the following link:
http://213.123.18.112:8180/

    Requires Free Membership to View


which brought me to the following location:
http://213.123.18.112:8180/psecure20x-cgi-install.version6.01.bin.hx.com

My Norton virus scanner then told me it discovered a Trojan virus but was unable to do anything. I didn't know it was possible to get a virus by clicking on a URL -- is it? I have since installed "The Cleaner," which didn't find anything, and I still don't know if I have a Trojan virus or not. Can you help me?


If you look at the location, you'll notice that it has a .com extension, which is not normal for a Web page. However, it is trivial to set a page up to link directly to a specific file, which will then be inspected by your antivirus scanner.

According to my friends at McAfee, this is the W32/Aplore@MM worm (http://vil.nai.com/vil/content/v_99437.htm). It opens a Web server on port 8180 on an infected system and sends links to an exe file with a .com extension.

You may wish to report the person who sent you that link and the ISP hosting that file.


For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Malware


This was first published in September 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: