Virus / trojans that turn your computer into junk-mail spam relay -which ones?

  • Thread starter Thread starter Virus Guy
  • Start date Start date
V

Virus Guy

Which virus or trojans (that are known) are the ones that turn your
computer into spam relays or trojans for spammers?

Which anti-viral programs have the best detection capability for these
things?

Also-

Reports are appearing in the mainstream media of people who's
computers are being infected with something that scrambles data files
and then gives some sort of message to the user (extortion message) to
pay money to un-scramble the files. Supposedly the vulnerability to
this mal-ware was fixed via a microsoft update a year or more ago.
Also supposedly some techies have been able to unscramble the files
themselves. Also being reported is that a money trail will ultimately
lead to the hackers so this scheme isin't really bullet-proof and
can't ever become wide-spread.

What's the scoop with this phenomena? True or urban legend? URL?
 
From: "Virus Guy" <[email protected]>

| Which virus or trojans (that are known) are the ones that turn your
| computer into spam relays or trojans for spammers?
|
| Which anti-viral programs have the best detection capability for these
| things?
|
| Also-
|
| Reports are appearing in the mainstream media of people who's
| computers are being infected with something that scrambles data files
| and then gives some sort of message to the user (extortion message) to
| pay money to un-scramble the files. Supposedly the vulnerability to
| this mal-ware was fixed via a microsoft update a year or more ago.
| Also supposedly some techies have been able to unscramble the files
| themselves. Also being reported is that a money trail will ultimately
| lead to the hackers so this scheme isin't really bullet-proof and
| can't ever become wide-spread.
|
| What's the scoop with this phenomena? True or urban legend? URL?

1st part of question
------------------------
W32/Bobax.worm.c -- http://vil.nai.com/vil/content/v_125314.htm
W32/Wallon.worm.a -- http://vil.nai.com/vil/content/v_125096.htm
Proxy-Regate -- http://vil.nai.com/vil/content/v_100788.htm
Proxy-Agent -- http://vil.nai.com/vil/content/v_100992.htm
Proxy-Agent.d -- http://vil.nai.com/vil/content/v_131176.htm
Proxy-Agent.f -- http://vil.nai.com/vil/content/v_131699.htm


2cnd part of question
------------------------
Well the story is true, but "scramble" is a poor word that describes what is done to the
user's data files. They are encrypted in what's called "Cryptovirology". "Cryptovirology
which employs a twist on cryptography, showing that it can also be used offensively. By
being offensive we mean that it can be used to mount extortion based attacks that cause loss
of access to information..." To decrypt them, you need the key. The writers of this
Trojan, PGPcoder (Aka, TROJ_PGPCODER.A, Virus.Win32.Gpcode.b, W32/Gopper.A ) would extort
$200.00 from the user and when the ransom is paid, they would send the affected user a
program that would decrypt the files. Not a myth or Urban Legend and the Institute of
Electrical and Electronics Engineeering (IEEE, Piscataway, New Jersey, USA) has a May of '96
paper entitled "Cryptovirology: extortion-based security threats and countermeasures" .

http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=502676

http://vx.netlux.org/lib/ayo00.html

http://www.cnn.com/2005/TECH/internet/05/24/internet.ransom.ap/index.html

http://news.bbc.co.uk/1/hi/technology/4580389.stm
 
On that special day, Virus Guy, ([email protected]) said...
Which virus or trojans (that are known) are the ones that turn your
computer into spam relays or trojans for spammers?
Click to expand...

Among others, several Sober variants. But all the Agobot variants (and
there are literally hundreds of them) and Randex can install mass
mailing engines, too.


Gabriele Neukam

(e-mail address removed)
 
Back
Top