November 04, 2005

Phishers Installing Trojans

Well, this is a new one for me. When scanning the source code of a PayPal phishing message, I saw that the operative link was not to a Web page or server script, but rather to a direct download of an executable program (with a .exe extension). Examining the data at the other end of the URL showed it to really be a Windows-based application program. Further investigation revealed that the program—which would normally be downloaded directly to a Windows user's machine—is, in fact, a Trojan Downloader.

A Trojan Downloader typically installs, silently, one or more programs embedded within the downloader. Those programs, in turn, fetch more programs that can do things such as disable virus protection, log keystrokes, and turn your PC into a slave in a botnet.

I'll keep saying it a million more times: Clicking on links in suspicious or unsolicited email messages can be lethal to your PC and your identity. Use the tips in Spam Wars to help you identify bad stuff safely before it can do you any harm.
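The check described in the first paragraph, reading a message's source for links that point straight at an executable, can be done without clicking anything. The following Python is an added example, not part of the original post; the sample message, its host names and the extension list are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# File types Windows runs when opened (illustrative list, not exhaustive).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".bat", ".cmd")

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def executable_links(raw_message):
    """Return (href, visible text) for links whose URL path names an executable."""
    flagged = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True)
        collector = LinkCollector()
        collector.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
        for href, text in collector.links:
            # Test only the path: a query string or fragment can follow the file name.
            path = unquote(urlsplit(href.strip()).path).lower()
            if path.endswith(EXECUTABLE_EXTS):
                flagged.append((href, text))
    return flagged
# Constructed sample message; all host names are placeholders.
SAMPLE = """From: service@example.com
Subject: Account notice
Content-Type: text/html; charset="utf-8"

<html><body><p>Please confirm your details:</p>
<a href="http://host.example/files/Update.EXE?id=1">https://www.example.com/login</a>
<a href="http://www.example.com/help.html">Help</a>
</body></html>
"""

print(executable_links(SAMPLE))
```

The visible text of the flagged link is returned alongside its real target so the mismatch between what the reader sees and what would be downloaded is obvious at a glance.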

Posted on November 04, 2005 at 07:20 PM