Septer arrives by e-mail and appears to come from the American Red Cross, the United Way, and the September 11 fund. Attempting to exit the donation form results in pop-up windows urging you to complete the form.
This Trojan is not widespread and does no damage to one's computer, but because of interest in the events of September 11, the American Red Cross and Symantec are making people aware of Septer.
How it works
Septer arrives as e-mail that appears to originate from the American Red Cross, the United Way, or the September 11 fund. The e-mail contains an icon of a green-and-blue world with a miniature Microsoft logo. When the recipient clicks the icon, a Web page opens with an appeal for a donation. The text on the donation form reads:
- Terrorist Attacks
On September 11, 2001, America was hit with the worst strike of terrorism in history. Attacks on the World Trade Center in New York City and the Pentagon in Washington D.C., as well as the crash of flight #93 in Somerset County, Pennsylvania, have resulted in countless injuries and the loss of thousands of lives.
Your Support Is Needed
In response to these attacks, United Way and the New York Community Trust have established the September 11th Fund. Your contribution will be used to help respond to the immediate and longer-term needs of the victims, their families, and communities affected by the events of September 11.
Please, donate now.
The solicitation and donation form do not come from the American Red Cross, and information entered into the form doesn't go to the Red Cross. However, attempting to close the donation form without filling it out prompts the following pop-up display:
- Please enter information.
To close the donation form, press Ctrl-Alt-Delete, and Windows will open the Task Manager. From the Task Manager, highlight and close the Web application hosting the fraudulent donation form. This should close the form without sending any information.
The American Red Cross has more information about this Trojan horse and how to legitimately make an online donation.
Removal
At this time, only Symantec has updated its antivirus signature files to remove this Trojan horse. For more information on removing Septer, see Symantec.
