Trojan.Anymail

Printer Friendly Page

Discovered: December 18, 2003
Updated: December 20, 2003 7:12:22 PM
Systems Affected: Windows

Trojan.Anymail is a mail bot that attempts to connect to a remote machine in order to download a configuration file that is used to send mail to targeted users.


Technical Description

Trojan.Anymail is a mail bot that attempts to connect to a hard coded URL in order to download a configuration file that is used to send mail to targeted recipients.

When the trojan is executed, it attempts to download the following encrypted file from a hard coded URL:
Config.cfg

The Config.cfg file contains the following information:
The SMTP server to be used
Email recipients
Subject, body, and attachments of the email
Time interval determining when to send email messages

It sends e-mail to targeted recipients according the parameters specified in Config.cfg.

It then updates the following file:
Sended_count.cfg