ECS-L Home Automation and Security Archives
  learn more | view messages for this month | NetBloc® | terms of use | search

Google
 


  subject (prev) or (next) | time (prev) or (next) | author (prev) or (next) | view more subjects

Subject:
From:
Date:		 [Fwd: Promail trojan]
Richard Yee
Fri, 19 Mar 1999 16:42:57 -0800
Fri, 19 Mar 1999 16:42:57 -0800 
There's a program called ProMail v1.21 that is a very nice, free mail
program.  It will take all your personal information from your computer
and send it to other people.

Just thought you might want to know.  Oh, on another note, ICQ 99a is
officially released.  Check it out at http://www.icq.com




Subject:
From:
Date:		      Promail trojan
 Patrick Oonk
	Fri, 19 Mar 1999 22:40:30 +0100


http://cool.icestorm.net/aeon/news.html

News and security advisories from Aeon Labs.

[03.99]

ProMail v1.21, an advanced freeware mail program for Windows 95/98, is a
trojan.
It has been spread through several worldwide distribution networks
(SimTel.net, Shareware.com and others) as proml121.zip.

Upon discovering - through LAN sniffing - that the program would attempt
to connect to SMTP instead of POP3 when a regular mail check was
performed, we reverse-engineered the software.

The executable, which appears to have been created with Borland Delphi,
has been packed with Petite (a shareware Win32-EXE compressor) and then
"hexed" to make disassembly harder.

ProMail v1.21 supports multiple mailboxes; every time a new mailbox is
created, an "ini" file containing the users full name, passwords, email
addresses, servers and more is generated.

Prior to doing any other action, the program performs a check for a
valid network connection which, if found, allows for the sending of ALL
of the personal user data, including the user's password in encrypted
format, to an account on NetAddress - a free email provider.

Apart from this "feature", the software is 100 % functional and very
well done.

For further information or a more detailed analysis contact us.

--
: Patrick Oonk -    http://patrick.mypage.org/  - patrick@pine.nl :
: Pine Internet B.V.           Consultancy, installatie en beheer :
: Tel: +31-70-3111010 - Fax: +31-70-3111011 - http://www.pine.nl/ :
: -- Pine Security Digest - http://security.pine.nl/ (Dutch) ---- :
: "unix is voor types zonder sociaal leven..." - Patrick van Eijk :

	Fri, 19 Mar 1999 22:40:30 +0100
  subject (prev) or (next) | time (prev) or (next) | author (prev) or (next) | view more subjects



Services provided by [NetBloc]®! NetBloc Solutions Inc.
Terms of use. Indexing software (c) 1999 Lin-De, Inc .