Trojan Hunts Down Graduating Students

Kaspersky Labs announces the exposure and neutralization of a harmful Web site that was spreading the Trojan virus CrazyBilets under the guise of a site providing exam questions to graduating students preparing for exams. CrazyBilets is a rough Russo-English conjunction meaning CrazyTickets where the word ticket in Russian refers to the actual exam itself.

On June 2 of this year, a site with the descriptive name Graduates of 2002, was exposed operating in the public access home pages of Narod.ru. The anonymous author offered visitors the chance to download a file containing the actual exams for literature and mathematics. When the file is downloaded what actually happens is the file copies a list with essays, allegedly the compositions sought by the students and of course with it came the Trojan program named CrazyBilets. Imperceptibly to the downloader the Trojan infects the computer.

While infecting the program creates a copy of itself in the Windows directory under the name SYSTEM.EXE and registers itself in the auto-launch at restart key in the registry. When re-activated CrazyBilets searches for passwords and sends them back to the violator who wrote the program. Doing this gives the possibility to manage remotely an infected machine, over-riding the control of the legal user.

This incident demonstrates once again how much computer viruses have become daily obstacles. Kaspersky Labs urges users to remember to preview all files, from both known and unknown sources, received for viruses before opening them. Moreover, experience has shown that the more sensational the name of a file is the more likely it is to make you sorry for opening it.




Share this