Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » AOL hit with password-stealing virus

AOL hit with password-stealing virus

by Phiber on February 2nd, 2001 Members of America Online (AOL) were warned Thursday to be on the lookout for a trojan horse virus that can steal their passwords, potentially allowing a hacker to access their e-mail and other personal information......


The virus, dubbed APStrojan.qa, emerged Jan. 25 and is the most active in a string of similar viruses affecting AOL users that have been identified over the past year, according to antivirus software vendor McAfee.com Corp. In the past 30 days reports of the virus have increased 100 percent, said April Goostree, a virus research manager at McAfee.com.

It wasn't clear exactly how many users have been affected, but the number is "significant," Goostree said. The virus has been rated a medium risk for AOL users, and low to medium risk for corporate users.

A trojan virus is a malicious program that arrives disguised as a harmless application but in fact carries a nasty payload. The AOL trojan takes the form of an attachment named "mine.zip" and spreads itself in an e-mail bearing the subject line "hey you." Text in the body of the message suggests that the attachment contains scanned images, McAfee.com said in a statement.

The virus tries to steal the account numbers and passwords of AOL users and, if successful, will e-mail them back to the author of the virus. This could give the hacker access to user's email and other personal information.

When a user logs onto the AOL service, the virus will also try to e-mail itself to all of the contacts listed in that member's Buddy List. That means users who are not AOL members can also receive the virus. Those non-AOL users are not at risk of having passwords stolen, but the virus will slow down the performance of any PC it infects, Goostree said.

This ability of the virus to e-mail itself to other users occurs only with version 4.0 of AOL's software. Improvements to versions 5.0 and 6.0 prevent the virus from replicating itself, although it can still steal passwords from users of those versions. In addition, when a user of AOL version 6.0 is infected, the virus creates a pop-up message urging the user to switch back to version 4.0 of the software, Goostree said.

AOL 4.0 users constitute a "distinct minority" of members, with most using versions 5.0 or 6.0, said AOL spokesman Andrew Weinstein.

AOL has provided links on its Web site to information about the virus, as well as to a free "one click fix" provided by McAfee.com which is available at http://aol.mcafee.com. However, the company played down the significance of the virus and said it hasn't felt the need to send a warning to its members via e-mail.

"Obviously we can't speak for McAfee, but we haven't seen a significant increase in the number of people affected," Weinstein said.

The virus is written in Visual Basic 5, and first appeared in a slightly different form in January of 2000. As with other viruses, hackers have since played with the virus code to create new strains, trying to stay one step ahead of antivirus programs that detect it.

"As we've been tracking it over the past few months we have watched this thing increase in activity," Goostree said. "In the last 30 days we've watched it increase 100 percent, so we said, 'OK, we need to talk to AOL and get this thing wiped out.'"

Word of the virus apparently hasn't reached all corners of AOL. An AOL member in Quebec told the IDG News Service in an e-mail message that he called the company to ask about the virus and was told by a member of its technical support staff that they did not know about it. They also told him that reports of the virus "may be a rumor," the AOL member said.

IDG.net


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »