IDG News Service - A new Trojan horse program that attacks and removes troublesome advertising software, known as adware, is circulating on the Internet, according to antivirus company Symantec Corp.
The program, called Downloader.Lunii, was discovered on Monday. When run, it attempts to kill off computer processes and delete files used by common adware programs like Powerscan and BargainBuddy. However, Lunii isn't entirely benevolent. Like other Trojan horse programs, it also modifies the configuration of Microsoft Windows machines and attempts to download files from a remote location, Symantec warned.
Trojan horse programs are a part of a growing problem related to surreptitious monitoring and remote access programs on the Internet, which are often referred to as spyware. The programs can be unwittingly installed by users who open e-mail file attachments, or click on links in e-mail messages or on Web sites that download and install the programs on the user's computer.
Unlike viruses and worms, Trojan horse programs don't try to spread from machine to machine after they are installed. Instead, the programs run quietly in the background of the systems they infect, providing remote attackers with access to compromised machines.
Lunii works by halting Windows processes that adware programs use to communicate and by removing known adware programs from systems it infects. The Trojan program also modifies a Windows file called the "hosts" file, inserting its own list of bogus Web sites, which may block access to certain Web pages, Symantec said.
Lunii was rated a low threat by Symantec, which released an antivirus signature to detect the Trojan on Monday.
The proliferation of spyware programs in the past year has been linked to the growth of organized criminal groups that pursue illicit gain through identity theft, extortion and other online scams, often using spyware programs to steal data or hijack compromised machines to use in online denial-of-service attacks.
The problem has attracted the attention of U.S. lawmakers. The U.S. House of Representatives voted 399-1 yesterday to pass a bill dubbed the SPY ACT (Securely Protect Yourself Against Cyber Trespass), which makes it illegal to download programs onto other users' computers without their permission, hijack someone's computer or modify its configuration settings.
Symantec recommended that its customers update their virus definitions to detect Lunii and provided instructions for removing malicious programs once they are installed.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
