Trojan VIRUS Reported - Beware


New AOL Trojan has been reported.

It comes from a web site called Naked Peach. The web site link arrives in e-mail from a friend.

When the link is clicked, it most often displays a bogus Flash Player download screen, but not always. If you click yes on the Flash Player, or even without the Flash Player, the web site drops two files, axe.ocx (an ActiveX control) and aol.exe. Then you get knocked offline.

When you run AOL, the bogus aol.exe is run, which displays a password screen and sends this information out via e-mail, and your password is stolen.

Note! This Trojan is known to overwrite the valid AOL file AOL.EXE. If the Trojan is reported in a copy of AOL.EXE in your current America Online directory, then once the Trojan has been renamed, you will need to install a new copy of the AOL software in order for it to work.

** Begin sample e-mail message **

From: (name of infected person, generally a friend)
Subj: Random
Date: Any

Message:
Hey check out this movie it reminds me of you. If you don't have flash you have to say yes to install it click here.

** End sample e-mail message **

How to protect yourself from the AOL Trojan:

* Simply Software discovered this Trojan, and the current Trojan Remover (available from the Anti-Virus & Security Library), when set to scan all files, will detect this Trojan. Trojan Remover can be safely run with your current Anti-Virus software.

* If you are running Norton Anti-Virus, update the database.

* Currently no other anti-virus programs detect this Trojan.

To find out about the latest online scams and viruses, and to learn more about features AOL offers to help you have a safe and enjoyable online experience, return to Keyword: Neighborhood Watch and Keyword: Virus regularly.
mrchips

Thanks for the tip, but I quit opening any emails from people or places I don’t recognize. If Music Direct or Audio Research get hacked I could be in trouble.

 

Thanks for the tip. I never open anything from anyone I don't know and haven't run into any problems yet (kow). It sounds like you can simply erase the file without opening it and be safe. Again, thanks.
One of the first tip-offs. If you ever get an e-mail with the title "message from a friend" - it ain't!
Although I can't verify your announcement with either Network Associates or Symantec (I always assume postings/mailings like this are a hoax, until substantiated. The IS/IT professional in me has to be sure the threat is real), this sounds like another attempt at social engineering (trojan masquerading as a Flash plugin, so the user clicks it without thinking). Remember the NakedWife trojan?