Red Cross warns of Trojan horse

The American Red Cross is warning people of a credit card-stealing Trojan horse program sent via e-mail that looks like it comes from the disaster-relief organization.

In a statement, the Washington-based Red Cross said it was notified of the computer virus, dubbed Septer.Trojan, on Wednesday by its information security vendor, Symantec Corp. Cupertino, Calif.-based Symantec classified the threat risk from the virus as low because the e-mail must be sent manually.

Vincent Weafer, senior director at Symantec, said he knows of no one who has fallen for the ruse, and that Symantec has identified only the Web site where the phony donation form is located. It will take a few days to determine how many e-mails went out with the trojan, he said.

"I suspect it's not very widespread," Weafer said, since the Trojan can't self-replicate, and the recipients must be specifically targeted by the virus writer.

Security Focus Inc.'s ARIS antivirus warning service in San Mateo, Calif., also sent out an alert on the virus yesterday, although the company considers it to be low risk, spokesman Ryan Russell said.

According to the Red Cross, the virus comes in the form of an executable file attached to an e-mail message. If the user clicks on the file, he's presented with a donation request form to fill out. The e-mail appears to come from the Red Cross, United Way and the September 11 Fund. Once the form is complete, the user's personal information is saved and uploaded to a Web site not connected to the organization.

Symantec has posted a bulletin about Septer.Trojan on its Web site. A spokesman for the Red Cross couldn't be reached for comment.

Symantec said the Trojan virus won't let users close the displayed form without filling in the requested information. However, users should be able to close the form by holding down the Ctrl+Alt+Del keys and then selecting "end task." If the form hasn't been filled in, no information will be sent to the virus creator, the Red Cross statement said.

According to Symantec, the file size of the virus attachment is 518,144KB. If the recipient views it in Microsoft Corp.'s Outlook e-mail program, the attachment will display a World Wide Web icon.

Although the Red Cross isn't soliciting for donations via e-mail, the organization said it sent out an e-mail message to previous donors on Sept. 14. This message contained a link to an official, secure online donation site.

In addition, the organization said that when its nationwide chapters and business partners send out fundraising e-mail messages, the donor is directed to the American Red Cross' official Web site, the Web site of one of its chapters, or to the site of one of its online partners.

The Red Cross, which advised people who receive the fraudulent e-mail to delete it, said it has notified law enforcement officials.

Join the newsletter!

Error: Please check your email address.

More about ArisMicrosoftSymantec

Show Comments

Market Place