New trojan program squashes adware
A new Trojan horse program that attacks and removes troublesome advertising software, known as "adware," is circulating on the Internet, according to antivirus company Symantec Corp.
The program, called Downloader.Lunii, was discovered on Monday. When run, it attempts to kill off computer processes and delete files used by common adware programs like Powerscan and BargainBuddy. However, Lunii is not entirely benevolent. Like other Trojan horse programs, it also modifies the configuration of Microsoft Windows machines and attempts to download files from a remote location, Symantec warned.
Trojan horse programs are a part of a growing problem related to surreptitious monitoring and remote access programs on the Internet, which are often referred to as "spyware." The programs can be unwittingly installed by users who open e-mail file attachments, or click on links in e-mail messages or on Web sites that download and install the programs on the user's computer.
Unlike viruses and worms, Trojan horse programs do not try spread from machine to machine after they are installed. Instead, the programs run quietly in the background of the systems they infect, providing remote attackers with access to compromised machines.
Lunii works by halting Windows processes that adware programs use to communicate and by removing known adware programs from systems it infects. The Trojan program also modifies a Windows file called the "hosts" file, inserting its own list of bogus Web sites, which may block access to certain Web pages, Symantec said.
Lunii was rated a low threat by Symantec, which released an antivirus signature to detect the Trojan on Monday.
The proliferation of spyware programs in the last year has been linked to the growth of organized criminal groups that pursue illicit gain through identity theft, extortion and other online scams, often using spyware programs to steal data or hijack compromised machines to use in online denial of service attacks.
The problem has attracted the attention of U.S. lawmakers. The U.S. House of Representatives voted 399-1 Tuesday to pass a bill dubbed the SPY ACT (Securely Protect Yourself Against Cyber Trespass), which makes it illegal to download programs onto other users' computers without their permission, hijack someone's computer or modify its configuration settings.
Symantec recommended that its customers update their virus definitions to detect Lunii and provided instructions for removing malicious programs once they are installed. (See: http://securityresponse.symantec.com/avcenter/venc/data/downloader.lunii.html.)
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
