havnblast Posted November 14, 2003 Share Posted November 14, 2003 An e-mail purporting to be from Citibank carries a Trojan virus that plants a back door on an infected computer, allowing a hacker to use the machine as a channel for other activities on the Internet.E-mail-security company MessageLabs on Wednesday afternoon reported the new e-mail virus, which has been dubbed Troj/Downloader!4c52 or Downloader-DI.The first copies of the e-mail have come from Australia, with more than 400 copies spotted so far, according to the company.The attachment is named www.citybankhomeloan.htm.pif. Once clicked, the Trojan attempts to download a further component from a free hosting website located in Russia.After activation, this Trojan copies itself to the Windows System folder and installs a .DLL file, which enables the Trojan to acts as a proxy server, allowing a hacker to channel Internet activities through the infected computer without the recipient's knowledge, according to MessageLabs.The channel between the remote computer and the infected computer is encrypted.Any activity that the hacker carries out on the Internet, if traced back, will show the address of the infected PC.The Trojan arrives as an attachment to an e-mail that seemed to have been spammed from a number of different IP addresses around the world.The attachment has a double extension ending in .htm.pif. The sender's e-mail address is forged, and does not indicate the true identity of the sender, said MessageLabs.The message contains:From: Account ManagerSubject: Re: Your credit applicationText:Dear Sir!|Thank you for your online application for a Home Equity Loan.In order to be approved for any loan application we pull your Credit Profile and Chexsystems information, which didn't satisfy our minimum needs. Consequently, we regret to say that we cannot approve you for Home Equity Loan at this time.*Attached are copy of your Credit Profile and Your Application that you submitted with us. Please take a close look at it, you will receive hard copy by mail withing [sic] next few days. Source Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted November 14, 2003 Share Posted November 14, 2003 (edited) Thanks havnblast!Did you notice that they linked to the ZDNET article here:Trojan hides in fake Citibank e-mail, where some discussion has already begun in the TalkBack section under the article: Citibank Trojan doesn't need attachment Email can arrive with information such as "$195 has been deposited in 'your business' account by Mr.Brown. Please click the link below to check your account status." (no attachment) The link takes you to a false Citibank site where the Trojan lurks. We reported this to several authorities in both the U.S. and Canada 2-3 months ago. The authentic Citibank site carries a warning about this, thought your readers would want to know. Edited November 14, 2003 by LilBambi Quote Link to comment Share on other sites More sharing options...
Guest ThunderRiver Posted November 14, 2003 Share Posted November 14, 2003 I have heard a lot of complains regarding Citibank over the years. Perhaps, that's the main reason why it has always been the primary target. I am with Comerica, and I haven't had such problem yet so far. Quote Link to comment Share on other sites More sharing options...
Ed_P Posted November 14, 2003 Share Posted November 14, 2003 I have heard a lot of complains regarding Citibank over the years. Perhaps, that's the main reason why it has always been the primary target.They go after the most popular to get the best chance of takers. Same reason most viruses attach Windows. Complaints have nothing to do with it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.