Wednesday, July 23, 2008

New Trojan this week

This week, the world was introduced to the latest computer threat, a trojan that comes in your email claiming to be from United Parcel Service with the subject line "Re: UPS Tracking Number" and having a zip file for an attachment.

DON'T OPEN IT. DELETE IT.

IT people usually know the golden rule of attachments, which is basically: don't open .exe and .zip files, especially if they're from someone you don't know, and if you dare to try, scan them with your antivirus first. And that's all well and good, except right now, only 3 of the 34 antivirus engines out there in the free world are even detecting it.

That's right, all of you with McAfee and Norton and AVG and... well, pretty much EVERYONE... your antivirus will not pick this one up yet.
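Until signatures catch up, a mail-side check on the lure itself (the subject line and the zip attachment described above) is one stopgap. The sketch below is an added example, not part of the original post; the subject pattern, the extension list, the verdict names and the sample message are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumptions for this example (not from the post): the subject pattern and
# the list of extensions treated as executable.
LURE_SUBJECT = re.compile(r"UPS\s+Tracking\s+Number", re.I)
RISKY_EXT = (".exe", ".scr", ".com", ".pif", ".bat")


def risky_members(data: bytes) -> list[str]:
    """Return names inside a zip that end in an executable extension."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(RISKY_EXT)]
    except zipfile.BadZipFile:
        return ["<unreadable zip>"]  # corrupt or disguised archive: treat as risky


def triage(raw: bytes) -> dict:
    """Classify one raw message as 'quarantine', 'review' or 'deliver'."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject_hit = bool(LURE_SUBJECT.search(msg.get("Subject", "")))
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip"):
            # Look inside the archive without extracting anything to disk.
            findings += [f"{name}:{m}" for m in risky_members(part.get_payload(decode=True))]
        elif name.endswith(RISKY_EXT):
            findings.append(name)
    verdict = "quarantine" if findings else "review" if subject_hit else "deliver"
    return {"verdict": verdict, "subject_hit": subject_hit, "findings": findings}


def build_sample(subject: str, member: str) -> bytes:
    """Constructed test message: a zip attachment holding one harmless text payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not a real program")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", subject
    msg.set_content("Your parcel could not be delivered.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

A message that matches only the subject is sent to "review" rather than dropped, since genuine replies about a tracking number would match it too.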

If you think you may have opened this little slice o' hell already, here's what to expect:
  • BSOD (blue screen of death)
  • Strange "XP Antivirus 08" program popping up on your screen, claiming to be scanning for threats and refusing to clean them till you "register it"
  • Blue background on your desktop and the ominous warning that your system is, or may be infected (IT folks, it will remind you of SpySheriff here)
  • Extremely slow system
  • Firewalls magically disabled (and they can't be re-enabled)
  • Windows Update is disabled (but when you go to turn it on, it claims it is turned on)
  • An RPC Countdown till shutdown
  • No access to the registry or MsConfig

What does this trojan do? Same thing that previous "Russian Mafia" trojans have done, only with a new variant; they steal credit card numbers, online banking logins and details, etc. This one actually takes screenshots of your banking info.

If you're a client of mine, you know what to do if you are seeing these symptoms... shut down the computer, disconnect it from the internet, and call me immediately.

And when I get done cleaning this out of your system, CHANGE EVERY PASSWORD YOU HAVE.
