
Y2KCount: a Trojan that Searches for Passwords in E-mail Messages.


SAN FRANCISCO--(BUSINESS WIRE)--September 17, 1999--

Y2KCount (aka "Polyglot") uses electronic mail to reach its victims, disguised as a message with the "Microsoft Announcement" subject and "support@microsoft.com" as the sender. The e-mail contains an attachment called Y2KCount.exe that, when executed, installs the Trojan on the system.

This Trojan has been found circulating around the Internet, as the UK has informed us:

"Since last night, we have seen 3 copies of this Trojan. Our analysis led us to suspect that this was a virus, and we therefore put protection in place immediately, using our own emergency scanner," says Alex Shipp, virus technologist at Star Internet. Star is unique in that it is the only ISP worldwide that protects its customers by scanning all e-mails for viruses. "Initial analysis showed many similarities to ExploreZip; the method of propagation via email is similar," says Shipp.

Like other Trojans and worms, Y2KCount uses social engineering to dupe users. The following text is found in the message body:

"To All Microsoft Users,

We are excited to announce Microsoft Year 2000 Counter.
Start the countdown NOW. Let us all get in the 21 Century.
Let us lead the way to the future and we will get YOU there FASTER and
SAFER.

Thank you,

Microsoft Corporation"


When the attachment is executed, Y2KCount starts infecting the computer and displays a message that is similar to WinZIP error warnings:

"Error!..Password protection error or invalid CRC32"

After this message has been displayed, the Trojan drops the PROCLIB.DLL, PROCLIB.EXE, PROCLIB16.DLL and NTSVSRV.DLL files into the Windows System directory and modifies the SYSTEM.INI file. It then overwrites WSOCK32.DLL with PROCLIB16.DLL, and saves a copy of WSOCK32.DLL as a file called NLHVLD.DLL.
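A host triage check built from the artifacts listed above, as an added example that is not part of the original release or any vendor's scanner. The file names come from the article; the directory layout, the SYSTEM.INI contents and the `triage` and `demo` helpers are constructed for illustration, and the rule that the SYSTEM.INI change names a dropped file is an assumption.

```python
import tempfile
from pathlib import Path

# File names taken from the article; matched case-insensitively.
DROPPED = {"proclib.dll", "proclib.exe", "proclib16.dll", "ntsvsrv.dll"}
BACKUP = "nlhvld.dll"  # copy of the original WSOCK32.DLL, per the article


def triage(system_dir, system_ini=None):
    """Return a sorted list of findings for one Windows System directory."""
    files = {p.name.lower(): p for p in Path(system_dir).iterdir() if p.is_file()}
    findings = [f"dropped file present: {n}" for n in files.keys() & DROPPED]
    if BACKUP in files:
        findings.append(f"WSOCK32 backup present: {BACKUP}")
    # The article says WSOCK32.DLL is overwritten with PROCLIB16.DLL, so
    # identical contents mean the socket library has been replaced.
    ws, p16 = files.get("wsock32.dll"), files.get("proclib16.dll")
    if ws and p16 and ws.read_bytes() == p16.read_bytes():
        findings.append("wsock32.dll is byte-identical to proclib16.dll")
    # Assumption: the SYSTEM.INI change names one of the dropped files.
    if system_ini and Path(system_ini).is_file():
        text = Path(system_ini).read_text(errors="replace")
        for no, line in enumerate(text.splitlines(), 1):
            if any(Path(n).stem in line.lower() for n in DROPPED):
                findings.append(f"SYSTEM.INI line {no} references a dropped file")
    return sorted(findings)


def demo():
    """Triage a constructed 'infected' directory and a constructed clean one."""
    with tempfile.TemporaryDirectory() as tmp:
        bad, good = Path(tmp, "bad"), Path(tmp, "good")
        bad.mkdir()
        good.mkdir()
        for name in ("PROCLIB.DLL", "PROCLIB.EXE", "NTSVSRV.DLL"):
            (bad / name).write_bytes(b"constructed placeholder")
        (bad / "PROCLIB16.DLL").write_bytes(b"constructed replacement")
        (bad / "WSOCK32.DLL").write_bytes(b"constructed replacement")
        (bad / "NLHVLD.DLL").write_bytes(b"constructed original")
        ini = bad / "SYSTEM.INI"  # constructed contents, not the real change
        ini.write_text("[boot]\nshell=Explorer.exe\ndrivers=mmsystem.dll proclib.exe\n")
        (good / "WSOCK32.DLL").write_bytes(b"constructed original")
        return triage(bad, ini), triage(good)


if __name__ == "__main__":
    for finding in demo()[0]:
        print(finding)
```

The byte comparison between WSOCK32.DLL and PROCLIB16.DLL is the strongest of these checks, since a file name alone can collide with unrelated software.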

The destructive effects of Y2KCount are triggered when the infected PC receives a "signal" from port 5888, supposedly sent by the Trojan's author. From this point onwards, Y2KCount monitors up to 10 transmissions simultaneously. Its objective is to steal the victim's password or user name in order to subsequently send it to the author.

Panda has added this latest threat to its virus signature file in order to effectively protect Panda Antivirus users.

About Europe's Leading Independent AV Developer

Panda Software offers a great variety of solutions aimed at satisfying the specific needs of all kinds of users, from large companies with complex networks to home users. Among a wide range of products, the leading two are Global Virus Insurance 24h-365d and Panda Antivirus 6.0 Platinum.

Panda has been awarded antivirus quality certifications by the International Computer Security Association (ICSA) and West Coast Lab's Checkmark, making it the only developer with solutions certified by both institutions for Windows 98, Windows 95, Windows 3.x, Windows NT Workstation, OS/2, DOS, Windows NT Server and Novell NetWare. Panda has also recently obtained the highest qualification in virus detection and disinfection (Checkmark Level Two and ICSA.net Cleaning) and anti-Trojan tests (Trojan Checkmark).

For further info and evaluation copies, please visit http://www.pandasoftware.com/corporate.
COPYRIGHT 1999 Business Wire