PKZ300 Trojan

Categoria: Scare Scoperto il: 01 gen 2000
Tipo: scare Aggiornato il: 08 giu 2006

Descrizione

A common way to distribute Trojan horses and other damaging software is to package it as a new version of a popular shareware package and put it up for download, hoping that users of the program will retrieve and run it. Due to its popularity, the shareware archiver and compression program PKZip has been a frequent target.

The most recent Trojan version of PKZip occurred in 1995. In May of that year, PKWare warned that a fake version of PKZip was being distributed. The Trojan was contained in a self-extracting archive named PKZ300B.EXE, claiming to be a new version of the program.

The self-extracting archive program itself was harmless. Inside it contained a feeble attempt at duplicating the files of a legitimate PKZip release, and a program, PKZINST.EXE, which was a Trojan. If run, it attempted to format the C: drive and then delete all the files on C:. Due to bugs in the code, these damaging effects did not actually work.

In order to reduce confusion, PKWare decided to never release a version with this number. If you ever see a file claiming to be PKZip version 3.0.0b, it is not genuine.

While the warning about the Trojanised PKZip is genuine (although the program is not actually dangerous, due to flaws), the hysteria that followed was completely out of proportion to the danger.

Sophos, and most other anti-virus vendors, have never been contacted by anyone claiming to have suffered from this Trojan. We have, however, been contacted by numerous people worried about the warning, which was spread far and wide, and appears to resurface every so often.

To summarise: PKZ300B.EXE, while a real trojan, wasn't much of a danger when it was new news, and now it is no danger at all.

Threat Level

Threat Level:

Learn more