New trojan program squashes adware
A new Trojan horse program that attacks and removes troublesome advertising software, known as "adware," is circulating on the Internet, according to antivirus company Symantec Corp.
The program, called Downloader.Lunii, was discovered on Monday. When run, it attempts to kill off computer processes and delete files used by common adware programs like Powerscan and BargainBuddy. However, Lunii is not entirely benevolent. Like other Trojan horse programs, it also modifies the configuration of Microsoft Windows machines and attempts to download files from a remote location, Symantec warned.
Trojan horse programs are a part of a growing problem related to surreptitious monitoring and remote access programs on the Internet, which are often referred to as "spyware." The programs can be unwittingly installed by users who open e-mail file attachments, or click on links in e-mail messages or on Web sites that download and install the programs on the user's computer.
Unlike viruses and worms, Trojan horse programs do not try spread from machine to machine after they are installed. Instead, the programs run quietly in the background of the systems they infect, providing remote attackers with access to compromised machines.
Lunii works by halting Windows processes that adware programs use to communicate and by removing known adware programs from systems it infects. The Trojan program also modifies a Windows file called the "hosts" file, inserting its own list of bogus Web sites, which may block access to certain Web pages, Symantec said.
Lunii was rated a low threat by Symantec, which released an antivirus signature to detect the Trojan on Monday.
The proliferation of spyware programs in the last year has been linked to the growth of organized criminal groups that pursue illicit gain through identity theft, extortion and other online scams, often using spyware programs to steal data or hijack compromised machines to use in online denial of service attacks.
The problem has attracted the attention of U.S. lawmakers. The U.S. House of Representatives voted 399-1 Tuesday to pass a bill dubbed the SPY ACT (Securely Protect Yourself Against Cyber Trespass), which makes it illegal to download programs onto other users' computers without their permission, hijack someone's computer or modify its configuration settings.
Symantec recommended that its customers update their virus definitions to detect Lunii and provided instructions for removing malicious programs once they are installed. (See: http://securityresponse.symantec.com/avcenter/venc/data/downloader.lunii.html.)
IDG News Service
pasmith
Kindle news: pricing, business models and ... source code?
mulderjoe
Cell phone gaming: In search of good mobile games
jfruh
The guts of the iPhone 3GS
Enter your caption for this week's cartoon! The winner will receive a $25 Amazon gift card. Go now!
Essential JavaFX
Get started building rich Web apps quickly with an introduction to the power of JavaFX key features -- scene node graphs, nodes as components, the coordinate system, layout options, colors and gradients, custom classes with inheritance, animation, binding, and event handlers.Enter now!
The Nomadic Developer
Consulting can be hugely rewarding, but it's easy to fail if you are unprepared. To succeed, you need a mentor who knows the lay of the land. Aaron Erickson is your mentor, and this is your guidebook. Enter now!
