Trojan.Ascetic.C



Emyeu
07-09-2005, 10:48 PM
There is a new virus, Trojan.Ascetic.C.
It uses its own SMTP engine to send spam email to addresses gathered from
the compromised computer.
How this virus infect a machine?
If click on the link of the spam email, will it be infected?

David H. Lipman
07-09-2005, 10:48 PM
From: "Emyeu" <cmchong20@yahoo.com>

| There is a new virus, Trojan.Ascetic.C.
| It uses its own SMTP engine to send spam email to addresses gathered from
| the compromised computer.
| How this virus infect a machine?
| If click on the link of the spam email, will it be infected?
|

It depends on how you look at it. This looks like a Symantec rename of the Sober.Q which is
a mass mailing Internet worm and infects others via email. It is confusing because the
various AV vendoes have different bnaming conventions but the Sober has both Virus (email
worm) and Trojan variants.

http://securityresponse.symantec.com/avcenter/venc/data/trojan.ascetic.c.html

http://vil.nai.com/vil/content/v_133684.htm

http://vil.nai.com/vil/content/v_126243.htm

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Emyeu
07-09-2005, 10:48 PM
What i meant is, in the first place how this worm infected a machine.
The body of the emails may contain serveral links. What will happen if user
click on any of the link?



>
> It depends on how you look at it. This looks like a Symantec rename of
> the Sober.Q which is
> a mass mailing Internet worm and infects others via email. It is
> confusing because the
> various AV vendoes have different bnaming conventions but the Sober has
> both Virus (email
> worm) and Trojan variants.
>
> http://securityresponse.symantec.com/avcenter/venc/data/trojan.ascetic.c.html
>
> http://vil.nai.com/vil/content/v_133684.htm
>
> http://vil.nai.com/vil/content/v_126243.htm
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>

Axel Pettinger
07-09-2005, 10:48 PM
Emyeu wrote:
>
> What i meant is, in the first place how this worm infected a machine.

"Trojan.Ascetic.C" - as Symantec calls it - isn't a worm. The last Sober
*worm* variant appeared on May 2nd. That worm downloaded[1] and
installed the mentioned trojan on infected computers last weekend. So
you could only become infected with the trojan if you were infected with
the last Sober worm variant before.

> The body of the emails may contain serveral links. What will happen if
> user click on any of the link?

Several of the links point to German magazine sites, others are links to
NDP (German extreme right-wing party) sites. They really shouldn't
contain malicious (software) code.

Regards,
Axel Pettinger

[1] HTTP-Download


Trojan.Ascetic.C