Trojan promises pictures, steals system, user data

Edward Hurley, SearchSecurity.com News Writer

A new Trojan on the loose purports to be photos of a nude woman. In fact, it steals system and other information from infected systems.

Sysbug-A travels as a .zip file attached to an e-mail from james2003@hotmail.com. In order for a system to become infected, the recipient needs to extract the enclosed file, wendynaked.jpg.exe, and run it.

The Trojan steals sensitive information, including an SMTP account name, POP3 password, NNTP user name and SMTP e-mail address. Sysbug also notes the system's IP address, unique ID and connection speed. It then uploads that information to finance.red-host.com, according to Finnish antivirus software vendor F-Secure Corp.

Sysbug seems to be paying homage to Mimail-C, which traveled attached to a similar kind of message. The e-mail carrying the Sysbug worm has the following characteristics:

Subject line:
"Re[2]: Mary"

Message text:
"Hello my dear Mary,

"I have been thinking about you all night. I would like to apologize for the other night when we made beautiful love and did not use condoms. I know this was a mistake and I beg you to forgive me.

"I miss you more than anything, please call me Mary, I need you. Do you remember when we were having wild sex in my house? I remember it all like it was only yesterday. You said that the pictures would not come out good, but you were very wrong, they are great. I didn't want to show you the
pictures at first, but now I think it's time for you to see them. Please look in the attachment and you will see what I mean.

"I love you with all my heart, James."

The threat posed by Sysbug is limited because it doesn't have a mechanism for spreading itself. Any copies of it in the wild must be manually sent.
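
A mail-gateway style check for the delivery trick described above (an executable carrying a decoy image extension inside a .zip attachment), as an added example that is not part of the original article. The extension lists, the archive name photos.zip and the recipient address are assumptions; the sample message is constructed and holds placeholder bytes only.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists: extensions Windows runs directly, and harmless-looking decoys.
EXEC_EXT = {"exe", "scr", "pif", "com", "bat", "cmd"}
DECOY_EXT = {"jpg", "jpeg", "gif", "png", "bmp", "txt", "doc", "pdf"}

def is_deceptive(name: str) -> bool:
    """True for names such as picture.jpg.exe (decoy extension, then executable)."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = name.lower().rstrip(". ").split(".")
    return len(parts) >= 3 and parts[-1] in EXEC_EXT and parts[-2] in DECOY_EXT

def scan_message(raw: bytes) -> list[str]:
    """Return deceptive file names found in attachments, looking inside zips."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if is_deceptive(fname):
            hits.append(fname)
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    hits += [f"{fname}!{m}" for m in zf.namelist() if is_deceptive(m)]
            except zipfile.BadZipFile:
                # A zip that cannot be listed is itself worth quarantining.
                hits.append(f"{fname}!<unreadable zip>")
    return hits

def build_sample() -> bytes:
    """Constructed message: harmless bytes under the file name from the article."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("wendynaked.jpg.exe", b"placeholder, not a program")
        zf.writestr("readme.txt", b"benign member")
    msg = EmailMessage()
    msg["From"] = "james2003@hotmail.com"
    msg["To"] = "user@example.org"          # assumed recipient
    msg["Subject"] = "Re[2]: Mary"
    msg.set_content("body omitted")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="photos.zip")  # assumed archive name
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

Matching on the naming pattern rather than on the sender or subject line keeps the check useful when those easily changed fields differ.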

