As reported last week on June 14, Kaspersky Lab continues to warn users about the discovery of the Trojan “Goga” that steals and sends out from infected computers user details for Internet access (i.e., login, password and other information). Kaspersky Lab, together with other anti-virus developers has already received several reports of the Trojan being detected “in the wild.”
“Goga” has two distinguishing features: the first is that it utilizes files in RTF format as a means for spreading, confusing users in as much as they believe these files to be absolutely safe, often opening them without first administering an anti-virus check. The second is that the Trojan exploits a well-known breach in the Microsoft Word security system, allowing a malefactor to launch a malicious code, unbeknownst to a user, immediately following the opening of an infected document.
Should a computer not be installed with the proper patch thwarting this breach, then, when the infected RTF file is read, MS Word automatically downloads a template containing the malicious macro-program from a remote Web site without any warning whatsoever. This macro-program extracts additional utility from the RTF file’s binary section. This utility searches the infected computer and creates another TXT file containing user Internet access details. At this point, “Goga” starts up the script program that publishes the newely created TXT file in a Web-site guest book open to the general public. The virus writer is now able to periodically cull stolen information from this site.
Users are warned about falling prey to this RTF-file danger. We once
again recommend that ALL users install the MS Word patch to be protected
against this Trojan and any other malicious programs exploiting this breach
ASAP.
We thank you ALL for your kind votes which made this site FIRST in two categories.
A 10 vote = Very Good
A 1 vote = Waste of cyber Space !
ALL those sending emails of thanks are kindly requested to indicate whether these are for publication.
IMPORTANT NOTICE:
ALL those who are receiving this advise
and in the "name" field they find 'FAILED' and a 6 or 8 digit figure
after it, should be advised that at least once, emails to that address
have been received back by us. As the list of subscribers now exceeds 100,000, and since this
is a free service, we kindly urge you to become a registered
subscriber to this service and ensure delivery by subscribing under
a reliable email address. WE REGRET THAT AS AFTER THIS ISSUE,
ALL ADDRESSES THAT ARE NOT DELIVERABLE WILL BE REMOVED FROM THE LIST.
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty
of any kind. In no event shall we be liable for any damages whatsoever
including direct, indirect, incidental, consequential, loss of business profits
or special damages.
PLEASE ADVISE ALL YOUR FRIENDS ON YOUR LIST
PLEASE ALSO NOTE THE FOLLOWING:
1) You are currently SUBSCRIBED to our mailing list
2) If you are receiving more than one copy of this warning please click here
3) If you DO NOT wish to receive anymore of these alerts, please click here
4) YOUR friends are also welcome to be on the VIRUS ALERT but an email has to be
sent to the Webmaster by themselves so that a record of all requests can be kept in case
somebody cries "SPAM" ! Simply click here
and send the email as it appears.
5)THIS IS A FREE SERVICE RUN IN THE PUBLIC INTEREST BY
6) ALSO PLEASE BE ADVISED THAT YOUR EMAIL WILL
NEVER BE SOLD, EXCHANGED OR IN ANYWAY WHATSOEVER DISCLOSED TO ANYBODY ELSE.
******
Fabian Brincat
Webmaster
Fabian Enterprises Ltd.
SEE PREVIOUS VIRUS ALERT
RETURN TO VIRUS ALERT MAIN INDEX
©ALL MATERIAL IS PROTECTED BY COPYRIGHT LAWS AND MAY NOT BE REPRODUCED IN ANY FORM WHATSOEVER WITHOUT THE PRIOR WRITTEN CONSENT OF THE WEBMASTER.
210601/110904/061004
