Apher worm spreads a Russian backdoor Trojan horse

Robert Vamosi | August 22, 2002 12:00 AM PDT

Why would Microsoft send you an announcement of a new antivirus product from Russia? It wouldn't. Yet the author of the Apher worm (w32.apher@mm) is willing to bet someone will fall for it. Unfortunately, Apher includes a known Trojan horse, Backdoor.Death.25, which provides an attacker access to the compromised computer. Because Apher sends e-mail but doesn't directly damage computer files, the worm ranks a 4 on the ZDNet Virus Meter.

How it works
Apher appears to be e-mail from Microsoft announcing the arrival of new antivirus software from Kaspersky, a Russian antivirus company. The subject line reads: "Protect Your NetWare with KasperskyTM Anti-Virus." The body text reads:

    "Kaspersky Labs, an international data-security software developer, announces the official release of Kaspersky Anti-Virus 4.0. "We are pleased to present the latest version of our anti-virus product. The unique technology, updated design, and perfected administering system integrated into Kaspersky Anti-Virus 4.0 is the result of many years of work dedicated to improving the ease of working with the program and increasing computer defense reliability," said Natalya Kaspersky, Kaspersky Labs CEO. The new Kaspersky Anti-Virus version (Personal Pro, Personal, Lite) fully supports the Microsoft Windows XP operating system. Amongst this version's latest innovations are: a complete user interface upgrade corresponding to Tree Chart technology; perfected system installation that allows for the saving the configuration of previously installed versions, and a quarantine feature for isolating infected and suspicious objects; expanded treatment of infected archived files; an added function for the treatment of Microsoft Outlook Express and objects upon system start up and also a memory scanning of active applications; and simplified operating features for disk recovery.
    Best regards,
    If you have any questions
    please call
    +1(866) 7280-290

The Apher worm includes an attached file: "aaprices.exe"

Prevention
Users of Microsoft Outlook 2002 and users of Outlook 2000 who have installed the Security Update should be safe from the attached EXE file in Apher. Users who have not upgraded to Outlook 2002 or who have not installed the Security Update for Outlook 2000 should do so. In general, do not open attached files in e-mail without first saving them to hard disk and scanning them with updated antivirus software. Contact your antivirus vendor to obtain the most current antivirus signature files that include Apher.
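As an added illustration (not part of the original article and not any vendor's code), the sketch below applies the same idea at a mail gateway: it quarantines any message carrying an executable attachment and reports whether the subject line and attachment name given above for Apher are present. The extension list, function names and sample addresses are assumptions, and the sample messages are constructed with harmless placeholder bytes.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators quoted in the article above.
APHER_SUBJECT = "Protect Your NetWare with KasperskyTM Anti-Virus."
APHER_ATTACHMENT = "aaprices.exe"
# Assumption: a short illustrative list, not Outlook's actual blocked-file list.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat")


def normalize(name: str) -> str:
    # Windows ignores trailing dots and spaces in file names, so strip them
    # before comparing; compare case-insensitively.
    return name.strip().rstrip(". ").lower()


def inspect_message(raw: bytes) -> dict:
    """Parse a raw message and report blocked attachments and Apher indicators."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # Collapse whitespace so a folded Subject header still matches.
    subject = " ".join(str(msg.get("Subject", "")).split())
    blocked = []
    for part in msg.walk():
        name = part.get_filename()
        # Only the final extension counts, so "report.pdf.exe" is caught too.
        if name and normalize(name).endswith(BLOCKED_EXTENSIONS):
            blocked.append(name.strip())
    return {
        "blocked": blocked,
        "quarantine": bool(blocked),
        "apher_subject": subject.lower().rstrip(".") == APHER_SUBJECT.lower().rstrip("."),
        "apher_attachment": any(normalize(n) == APHER_ATTACHMENT for n in blocked),
    }


def build_sample(subject: str, filename: str, payload: bytes) -> bytes:
    """Build a constructed test message; the payload is placeholder bytes only."""
    m = EmailMessage()
    m["From"] = "sender@example.com"   # constructed address
    m["To"] = "user@example.com"       # constructed address
    m["Subject"] = subject
    m.set_content("constructed test body")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(inspect_message(build_sample(APHER_SUBJECT, APHER_ATTACHMENT, b"placeholder")))
    print(inspect_message(build_sample("Meeting notes", "notes.txt", b"placeholder")))
```

The quarantine decision rests on the attachment type alone; the subject and file name matches are reported only as supporting indicators, since either is trivial for a worm author to change.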

Removal
A few antivirus software companies have updated their signature files to include this worm. This will stop the infection upon contact and in some cases will remove an active infection from your system. For more information, see F-Secure, Kaspersky, or Sophos.
