1. The Graphic Trojan
Kaspersky Labs reports the detection of a Trojan horse, FireAnvil,
embedded in a commercial product from the US company
Firehand Technologies Corporation.
"Firehand Ember Millennium" is a software program for viewing and
editing graphic files and is sold via the Internet on the site
www.firehand.com. Trojan subprograms have been detected in two files of
the product:
Ember32.exe - the main file of the product
fireutil.dll - library
The Trojan program is activated when the text "czy czy" is entered in the
"Registered User ID" field:
Registered User ID: [_________]
Registration Key: [_________]
When the Trojan program is activated, the following message is displayed:
CrAcKiNg SoFtWaRe! PlEaSe WaIt!
Then FireAnvil searches for the Windows system directory and writes the following text into the registry of all of the files within the directory:
CzY CrAcKiNg CrUe! We CrACk EvErYtHiNg!
As a result of this destructive function, once the Trojan is activated all of the files in the Windows system directory are destroyed, with no possibility of restoring them.
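To establish which files were overwritten after an activation, a responder can scan a directory tree for the marker text quoted above. The following is an added example, not code from Kaspersky Labs or Firehand; it assumes the marker is stored verbatim as ASCII bytes somewhere in each damaged file, and the sample files it scans are constructed for the demonstration.

```python
import os
import tempfile

MARKER = b"CzY CrAcKiNg CrUe! We CrACk EvErYtHiNg!"  # text quoted in the advisory
CHUNK = 64 * 1024


def file_contains_marker(path, marker=MARKER, chunk_size=CHUNK):
    """Stream the file and report whether the marker occurs anywhere in it."""
    tail = b""
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk_size)
            if not block:
                return False
            window = tail + block
            if marker in window:
                return True
            tail = window[-(len(marker) - 1):]  # keep overlap so a split marker is found


def scan_directory(root):
    """Return (damaged, unreadable) sorted path lists for every file under root."""
    damaged, unreadable = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if file_contains_marker(path):
                    damaged.append(path)
            except OSError:  # locked or permission-denied files are reported, not skipped
                unreadable.append(path)
    return sorted(damaged), sorted(unreadable)


def demo():
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed sample data, not real system files
            "clean.dll": b"MZ" + b"\x00" * 100,
            "hit.sys": MARKER + b"\x00" * 50,
            "split.exe": b"A" * (CHUNK - 10) + MARKER,  # marker straddles two reads
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [os.path.basename(p) for p in scan_directory(root)[0]]


if __name__ == "__main__":
    print(demo())  # names of constructed files that contain the marker
```

On an affected machine, call scan_directory on a read-only mount or forensic copy of the Windows system directory; the unreadable list shows which files could not be checked.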