'Cute' Trojan Horse Spreading by E-Mail

A pair of antivirus companies is warning users to look out for an e-mail worm that could allow attackers to take over their machines and try to damage firewall and security programs.

Santa Clara, California-based Network Associates' McAfee.com unit and Cupertino, California-based Symantec are both warning computer users to watch out for an e-mail message with a subject line: "Thoughts..."

Inside, users find a short note reading: "I just found this program, and, i dont know why... but it reminded me of you. check it out." Inside the message is an attachment called Cute.exe.

Statements released by both Symantec and Sunnyvale, California-based McAfee say the package will unleash a Trojan horse worm that will look for security programs inside a user's machine and attack them. Both companies have labeled the worm a "low" risk and offer instructions on their Web sites on how to remove it.

Under Attack

The program will also allow attackers to do the following:

• Send instant messages from an infected machine using either MSN Messenger or AOL Instant Messenger
  
  
• Send e-mail
  
  
• Initiate denial-of-service attacks
  
  
• Access, move, copy, or delete files
  
  
• Access, move, copy, or delete file transfer protocol files
  
  

The program will copy itself to the Windows directory and create two registry keys, according to McAfee's statement. Two INI keys are also created. Then "the worm looks for E security programs [including antivirus and firewall programs] in memory and terminates them if found," the statement says.