August 2005

This message is partly correct. The body of the message describes a real Trojan that was being distributed in July of 2004. The message included a link to a Trojan program that got installed when you clicked the link. Recently (Aug. 2005) variants of this Trojan message have been seen. Thus the body is largely correct and the link to snopes takes you to a description of the original Trojan message.

The headline of the message is totally wrong. Opening the e-mail will not instantly infect your computer and cause it to crash. Opening the e-mail and then clicking on the link will cause your computer to be infected with the Trojan but will not likely make it crash. If you have an antivirus package installed and have kept it up to date, the antivirus program will stop the Trojan. If you have kept your system up to date, the hole that allowed the Trojan to install itself in Windows will also be closed and the Trojan will not work.

Subject:This is a legit warning

Check this one out!!!!

Warning

Emails with pictures of Osama Bin-Laden hanged are being sent and the moment that you open these emails your computer will crash and you will not be able to fix it!!!

This e-mail is being distributed through countries around the globe, but mainly in the US and Israel.

Don’t be inconsiderate; send this warning to whomever you know.

Confirmed at: http://www.snopes.com/computer/virus/osama.asp

Origins: There are few headlines that would grab the attention of more computer users around the world than "Osama bin Laden Captured," and that’s exactly what whoever created this lure was counting on to snare unsuspecting victims who use Microsoft platforms.

"Osama bin Laden Captured" isn’t a virus in itself; it’s the text of a message that includes a link to a file called EXPLOIT.EXE. When a message recipient clicks on this link to view what he thinks are pictures of Osama bin Laden’s capture, he can end up downloading an executable Trojan known as Backdoor-AZU, BKDR_LARSLP.A, Download.Trojan, TrojanProxy.Win32.Small.b,or Win32.Slarp. Clicking the embedded link in the "Osama bin Laden Captured" message auto-executes a file called "EXPLOIT.EXE," which exploits a known security hole to download the Trojan. According to McAfee Security:

The Trojan opens a random port on the victim’s machine. It sends the Port information to a webpage at IP address 66.139.77.145. The Trojan listens on the open port for instructions and redirects traffic to other IP addresses.

Spammers and hackers can take advantage of compromised systems by using the infected computer as a middleman, allowing them to pass information through it and remain anonymous.

Microsoft has made available updates that close the hole exploited by this Trojan.

Mr.B