‘Cute’ Trojan horse attacks through e-mail

A pair of antivirus companies is warning users to look out for an e-mail worm that could allow attackers to take over their machines and try to damage firewall and security programs.

Santa Clara, Calif.-based Network Associates Inc.’s McAfee.com Corp. unit and Cupertino, Calif.-based Symantec Corp. are both warning computer users to watch out for an e-mail message with a subject line: “Thoughts…”

Inside, users find a short note reading: “I just found this program, and, i dont know why… but it reminded me of you. check it out.” Inside the message is an attachment called Cute.exe.

Statements released by both Symantec and Sunnyvale, Calif.-based McAfee say the package will unleash a Trojan horse worm that will look for security programs inside a user’s machine and attack them. Both companies have labelled the worm a “low” risk and offer instructions on their Web sites on how to remove it.

The program will also allow attackers to do the following:

– Send instant messages from an infected machine using either MSN Messenger or AOL Instant Messenger

– Send e-mail

– Initiate denial-of-service attacks

– Access, move, copy or delete files

– Access, move, copy or delete file transfer protocol files

The program will copy itself to the Windows directory and create two registry keys, according to McAfee’s statement. Two INI keys are also created. Then “the worm looks for E security programs (including antivirus and firewall programs) in memory and terminates them if found,” the statement said.