New password stealing Trojan discovered

MessageLabs warns of password stealing trojan

Written by ZDNET Editors, Contributor May 9, 2004 at 10:55 p.m. PT

E-mail security provider MessageLabs has discovered a new password stealing trojan, however at this stage the company is still treating it as a low-level threat.

Technical director of MessageLabs Asia Pacific, David Banes, said the trojan is an example of a hybrid attack.

MessageLabs said that it discovered the trojan, dubbed yes2k.exe, in a series of spam e-mails. The message exploits an Internet Explorer vulnerability that allows it download a script. When the script executes, it downloads a copy of yes2k.exe to the victim PC and runs it.

-The new threat clearly illustrates the convergence of spam and malicious code because the spam emails contain a link to a potentially damaging trojan," said Banes.

Banes warned organisations that anti-virus solutions alone are not good enough to protect their networks against threats such as this.

"The issue is much broader, requiring total email security. We recommend companies and governments adopt solutions that protect against all forms of email threats - viruses, spam and pornographic content," said Banes.

Editorial standards

Show Comments

New password stealing Trojan discovered

Related

Not into the Tesla Powerwall? You can now buy the Anker Solix X1

Microsoft is now showing ads in Windows 11's Start menu. Here's how to block them

The best AI image generators to try right now