Trojan horse scanner pitch is a sneaky worm

Robert Vamosi

26 October 2001 05:40 PM

Tags: e-mail, worm, virus, trojan, scanner, trojan horse, anti-virus, worms

An e-mail message announcing a new Trojan horse scanner is itself an Internet worm that could flood servers with useless e-mail.

With more and more people connected to the Internet, the danger of Trojan horses (malicious programs that communicate passwords and other private information to others on the Internet) is very real. Antset is a worm that arrives by e-mail and claims to be a Trojan horse scanner. It is not. At least three variations of Antset (W32.Anset.A@mm, W32.Anset.B@mm, and W32.Anset.C@mm) are floating around the Internet. Antset is capable only of sending multiple e-mail messages and does not damage PCs, so this worm ranks a 4 on the CNET Virus Meter.

How it works

Antset arrives as an e-mail solicitation for a Trojan horse scanner. The subject line reads "ANTS Version 3.0." The body text for the original worm is in German and reads:

"Hi, Anhängend die neue Version 3.0 von ANTS, dem bislang einzigartigen kostenlosen Trojanerscanner. Zum installieren einfach die angefügte Datei ausführen."

The English translation reads:

"Hi, attached you will find the brand new version 3.0 of ANTS, the unique freeware Trojan scanner. To install ANTS, simply run the attached setup file."

The body text concludes with the following salutation:

"Adieu, Andreas webmaster@avnetwork.de http://www.ants-online.de."

The named Web site is legitimate but contains a disclaimer regarding this worm. Antset also contains an attachment named ants3set.exe.
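
The subject line and attachment name described above are enough for a simple mail-gateway check. The following is an added example, not part of the original article; the function names, verdict labels and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the article: subject line and attachment name.
ANTSET_SUBJECT = "ants version 3.0"
ANTSET_ATTACHMENT = "ants3set.exe"

def antset_indicators(raw_message: bytes) -> list:
    """Return which of the article's Antset indicators one raw message carries."""
    # policy.default decodes RFC 2047 encoded words in the Subject header.
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    subject = str(msg.get("Subject", "")).strip().lower()
    if subject == ANTSET_SUBJECT:
        hits.append("subject")
    # Walk every MIME part so a nested attachment is not missed.
    for part in msg.walk():
        name = part.get_filename()
        if name and name.strip().lower() == ANTSET_ATTACHMENT:
            hits.append("attachment")
            break
    return hits

def verdict(raw_message: bytes) -> str:
    """Hypothetical gateway policy: hold the named executable, flag subject-only hits."""
    hits = antset_indicators(raw_message)
    if "attachment" in hits:
        return "quarantine"
    return "review" if hits else "deliver"

def build_sample(subject: str, attachment_name: str = None) -> bytes:
    """Constructed test message (not a captured sample); the payload is inert text."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("constructed body")
    if attachment_name:
        m.add_attachment(b"inert placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, att in [("ANTS Version 3.0", "ants3set.exe"),
                      ("Quarterly report", "report.pdf")]:
        print(subj, att, "->", verdict(build_sample(subj, att)))
```

Exact matching covers only the subject and file name the article reports; variants with different text would need the antivirus signatures mentioned under Removal.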

If a user clicks the attached file, Antset searches the Microsoft Outlook address book for addresses to which to send copies of itself, then looks for more e-mail addresses within the following file types: PHP, HTM, SHTM, CGI, and PL.

Worms like Antset usually contain a Registry key that prevents the worm from installing itself more than once. Antset does not have this feature and could produce multiple Registry entries and numerous extra files in the Windows subdirectory. Antset also has a few programming bugs that affect its ability to spread and may not function on all Windows computers.

Removal

Most antivirus software companies have updated their signature files to include this worm. For more information on removing Antset from your system, see Kaspersky, McAfee, Sophos, Symantec, and Trend Micro.


Talkback 1 comments

  1. Keith Styles -- 26/10/01

    There won't be an end to these problems until the likes of Microsoft, ISPs and the authorities come down hard on the authors. None of them have shown any sign of taking much action. They do almost NOTHING which is really effective, even when you report the source to them.

