 |
|
| technology > computing |
![[CNN Money]](http://i.cnn.net/cnn/images/main/fn.logo.newsnet.gif){kind=logo}
![[SI.com]](http://i.cnn.net/cnn/images/main/si.logo.gif){kind=logo}
( | |
 |
|
| |
| |
EDITIONS: | |
MULTIMEDIA: | |
E-MAIL: |
Subscribe to one of our news e-mail lists. Enter your address: |
DISCUSSION: |
CNN WEB SITES: |
 |
TIME INC. SITES: |
CNN NETWORKS: |
|
SITE INFO: |
WEB SERVICES: |
'South Park' Trojan Horse can create e-mail storms
|
(IDG) -- A Trojan Horse dubbed "South Park" that made its first appearance on the Internet last June is on the loose again, antivirus software vendors warned last week.
The Trojan Horse spreads by sending itself as an e-mail attachment to all the addresses listed in a user's Outlook Express program. It attempts to do this every 30 minutes, and has the potential to cause storms of e-mail that can clog up company's network, the vendors said.
The attachment contains an icon of the character Kyle from the cult cartoon series "South Park," and will appear as though it has come from someone known to the recipient, vendors said.
 | MESSAGE BOARD | |
|
| ||
The Trojan Horse has been reported on Windows NT and 9x machines at dozens of large corporations, government organizations, universities and Internet companies, primarily in the U.S. but also in Asia and Europe, said Martin Skov, a product-marketing manager with Network Associates' McAfee software division.
Known as W32/Pretty.worm.unp, the Trojan is a variant of the W32/PrettyPark.worm that first surfaced last June and has been dormant for the most part ever since. The new variant differs in that it is not compressed, which made it a little harder to detect initially, Skov said.
The Trojan Horse may also try to connect to an Internet relay chat server, and could potentially use the connection to get information such as the computer name and registered owner, as well as dial up networking and user names stored on that computer, Skov said. Network Associates hasn't received a report of that happening yet, he added.
While its payload isn't considered too severe, in the sense that it doesn't delete data, antivirus vendors upgraded their rating on the Trojan Horse from medium to high risk, primarily because of its ability to spread quickly and clog networks. Network Associates received 70 reports of it in the first four days of the week, compared with 150 reports in the prior two-week period. The company first discovered it in mid-February.
| MORE COMPUTING INTELLIGENCE |
IDG.net home page
|
| Practice safe computing |
| 10 handy Net counter-espionage utilities |
| All-in-one security device |
| Read an e-mail, lose your privacy |
"It's not limited to one industry sector; it's hit pretty much across the board," Skov said.
The number of reports subsided somewhat and Network Associates hopes to downgrade it to medium risk soon, Skov said. Network Associates has classified seven Trojan Horses and viruses as high risk in the past year, he added.
Outlook Express users should be aware of e-mails that carry the subject line, "C:/coolprogs/prettypark.exe." File attachments are called "Pretty park.exe" and in some cases "Pretty~1.exe."
RELATED STORIES:
$12.1 billion reportedly spent to ward off computer viruses in 1999
January 18, 2000
Protect against Trojan Horses
January 17, 2000
Top 10 antivirus downloads
December 27, 1999
Prilissa virus carries Christmas surprise
November 23, 1999
BubbleBoy teaches users a new security lesson
November 11, 1999
Internet worm can crash corporate servers
January 29, 1999
RELATED IDG.net STORIES:
Read an e-mail, lose your privacy
(SunWorld)
All-in-one security device
(Network World)
Asleep at the security wheel?
(FCW)
Practice safe computing
(PC World)
10 handy Net counter-espionage utilities
(PC World)
Shockwave to host series by South Park creators
(IDG.net)
Security and privacy must go hand-in-hand
(FCW)
Trojan horse gathers user data, e-mails it to China
(Computerworld)
RELATED SITES:
Network Associates
Note: Pages will open in a new browser windowExternal sites are not endorsed by CNN Interactive.