N
net1
Guest
A new Trojan is turning Windows PCs into mature content and spam relays, possibly as a means of harvesting credit card details, researcher Richard M. Smith has discovered.
At first it was suspected that the Trojan installs a Web server on the victim's machine from which the mature content is served, but research by LURHQ indicates that it sets up a proxy which forwards the mature content and x-rated spam and so keeps the originating server hidden.
Machines hosting the Trojan are not harmed in any way, but spam recipients who check out the mature content on offer may become victims of fraud if they sign up for access using their credit cards.
The overall purpose appears to be establishing a semi-anonymous, distributed hosting scheme for malicious sites or for material that might invite retaliation from a Web host or the authorities, such as warez or kiddie mature content.
Only about two thousand home machines have been infected, but among them is a high proportion of AOL subscribers, implying that it may be spread via instant messaging. According to LURHQ it is easy to detect and defeat.
First, remove this registry key:
Software\Microsoft\Windows\CurrentVersion\Run\Login Service = wingate.exe
Then reboot the computer and remove this file:
%windir%\system32\wingate.exe.
The spam ads direct users to Russian mature content sites chiefly, sometimes using servers that were involved in a recent Paypal scam, Smith notes. ®
At first it was suspected that the Trojan installs a Web server on the victim's machine from which the mature content is served, but research by LURHQ indicates that it sets up a proxy which forwards the mature content and x-rated spam and so keeps the originating server hidden.
Machines hosting the Trojan are not harmed in any way, but spam recipients who check out the mature content on offer may become victims of fraud if they sign up for access using their credit cards.
The overall purpose appears to be establishing a semi-anonymous, distributed hosting scheme for malicious sites or for material that might invite retaliation from a Web host or the authorities, such as warez or kiddie mature content.
Only about two thousand home machines have been infected, but among them is a high proportion of AOL subscribers, implying that it may be spread via instant messaging. According to LURHQ it is easy to detect and defeat.
First, remove this registry key:
Software\Microsoft\Windows\CurrentVersion\Run\Login Service = wingate.exe
Then reboot the computer and remove this file:
%windir%\system32\wingate.exe.
The spam ads direct users to Russian mature content sites chiefly, sometimes using servers that were involved in a recent Paypal scam, Smith notes. ®
