TROJ_GMAIL.51

Malware type: Trojan

Aliases: Email-Flooder.Win32.GhostMail.51 (Kaspersky), Bloodhound.Morphine (Symantec), TR/Crypt.Morphine.Gen (Avira), Troj/Gmail-51 (Sophos),

In the wild: No

Destructive: No

Language: English

Platform: Windows

Encrypted: No

Overall risk rating:

Description: 
A remote hacker can use this Subseven utility to send server names anonymously. It records an infected users email addresses, hackers anonymous email addresses, SMTP servers and other information. Upon execution, it displays a User Interface (UI) where a remote hacker may input some necessary data for emails it sends out such as, Sender, Recipient(s), email body, and attachment.

For additional information about this threat, see:

Description created: Jul. 11, 2001 6:42:13 PM GMT -0800


TECHNICAL DETAILS


Size of malware: 631,296 Bytes

Payload 1: Displays Message

Trigger condition 1: Upon Execution

Details:
Upon execution, it displays a User Interface (UI) where necessary data for the email it sends out may be modified (i.e.Sender, Recepient(s), email body, attachment, etc). In its about option, it contains a button for its claimed official Webpage (htpp://ay.home.ml.org) and the following message:

troj_gmail.51 About GM... GhostMail v.5.1 by Albert Yale ay@aci.qc.ca ghostmail lets you send anonymous message, with or without a remailer, to any email addresses or newsgroups. email the author offical webpage close

When the Official webpage button is clicked, however, it attempts to connect to a Website that does not exist so that the following error message is displayed: troj_gmail.51 Error: the requested URL could not be retrieved http://ay.home.ml.org

troj_gmail.51 GhostMail v.5.1 by Albert Yale ay@aci.qc.ca from reply to test test@domain.org this is a test required when sending email without a remailer error: failed to connect to a server