McAfee > Theat Center > Virus Detail Page

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

Detection was added to cover for a file originally called email.php , having a filesize of 1022 bytes decimal.

It is a PHP script that can be abused to perform mass-mailing to a certain manually specified recipient.

Variable items to fill in include the "from" e-mail address, the "to" e-mail address, the "subject" information, the body "content" and most importantly here, the loop count number that determines how many times the e-mail will be sent. Note that the php script didn't have an entry to include a default e-mail file attachment . 

The recipient receives an e-mail flood of the same messages over & over filling the user's mailbox.

Symptoms

The recipient receives an e-mail flood of the same messages over & over filling the user's mailbox.

Method of Infection

The script is not a virus, it doesn't spread itself/replicate.

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

Variants

N/A

All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

Characteristics -

Detection was added to cover for a file originally called email.php , having a filesize of 1022 bytes decimal.

It is a PHP script that can be abused to perform mass-mailing to a certain manually specified recipient.

Variable items to fill in include the "from" e-mail address, the "to" e-mail address, the "subject" information, the body "content" and most importantly here, the loop count number that determines how many times the e-mail will be sent. Note that the php script didn't have an entry to include a default e-mail file attachment . 

The recipient receives an e-mail flood of the same messages over & over filling the user's mailbox.

Symptoms

Symptoms -

The recipient receives an e-mail flood of the same messages over & over filling the user's mailbox.

Method of Infection

Method of Infection -

The script is not a virus, it doesn't spread itself/replicate.

Removal -

Removal -

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

Variants -

N/A