|
PureBytes Links
Trading Reference Links
|
http://www.msnbc.com/news/252480.asp#BODY
CREATING A LEGITIMATE, FULLY functional Internet e-mail utility as a rogue
for a password stealer is a fresh twist on an Internet Trojan horse.
Apparently, it was good enough to fool major software sites such as CNet’s
shareware.com and Simtel.Net, and as of Monday evening, filelibrary.com was
still offering it for download. But if you install and run the program, it
will gather your full name, organization, e-mail address, user name,
password, SMTP and POP3 servers, and more — then package them up and e-mail
them to an account at NetAddress.
Aeon Labs, which calls itself an online technology research company,
posted a warning to its Web site earlier this month. A representative of
Aeon Labs wrote in a note posted to a security newsgroup that the lab
cracked into the destination accounts for the e-mail and found about 80
victims, and the company nows says there are hundreds of victims.
MSNBC downloaded the e-mail client from freeware.com on Friday. The
program’s readme notes say it was created by Smartware Inc., but Hemal C.
Mehtalia, Smartware Inc.’s president, said his company doesn’t write
software. Security Firm Data Fellows said ProMail’s “About” box indicates
the program is based on an open source code written by Michael Haller, but
Haller has nothing to do with the Trojan. He developed a free program,
Phoenix Mail, and has made the full source code available. Phoenix Mail and
its source code are available for download from this site.
JW
|