rik
October 11th, 2004, 20:31 PM
http://www.kbalertz.com/kb_873018.aspx
Microsoft has learned of a Trojan horse program that is named W32/Berbew (variants A-H) that is downloaded after a Microsoft Windows-based client computer is infected with the Download.Ject malware. This problem occurs when a user visits a Web site that is hosted on a server that is running Microsoft Internet Information Services (IIS) and that has been infected by JS.Scob. The Web pages that are downloaded to the user's computer contain an additional JavaScript program that downloads the Backdoor:W32/Berbew Trojan horse. Backdoor:W32/Berbew is also known as Backdoor-AXJ, Webber, or Padodor. When this Trojan horse runs on the user's computer, it performs several actions, including the following:
It monitors Internet access. When the user visits one of several financial or ISP Web sites, the Trojan horse captures sensitive information, such as log-in names, passwords, and other sensitive information. The Trojan horse then sends that information to a Web server for the Trojan horse's author to retrieve.
It installs a proxy server that configures the user's computer for use as a relay for such actions as sending spam.
It opens fake dialog boxes that prompt the user to enter confidential information, such as ATM card codes or credit card numbers. This information is then sent to a Web server for the Trojan horse's author to retrieve.
Microsoft has released a tool to help you remove Backdoor:W32/Berbew Trojan horse variants from your computer. You can download this tool from the Microsoft Download Center and run it on your computer to remove Backdoor:W32/Berbew.A, Backdoor:W32/Berbew.B, Backdoor:W32/Berbew.C, Backdoor:W32/Berbew.D, Backdoor:W32/Berbew.E, Backdoor:W32/Berbew.F, Backdoor:W32/Berbew.G and Backdoor:W32/Berbew.H infections.
The full article and detection/removal tool are available at the link.
