Septer.Trojan is a Trojan horse that attempts to steal your credit card
information by pretending to be a solicitation from the American Red Cross.
Septer arrives by e-mail and appears to come from the American Red Cross, the
United Way, and the September 11 fund. Attempting to exit the donation form
results in pop-up windows urging you to complete the form. This Trojan is not
widespread and does no damage to one's computer, but because of interest in
the events of September 11, the American Red Cross and Symantec are making
people aware of Septer. This Trojan horse ranks a 2 on the ZDNet Virus Meter.
How it works
Septer arrives as e-mail that appears to originate from the American Red
Cross, the United Way, or the September 11 fund. The e-mail contains an icon
of a green-and-blue world with a miniature Microsoft logo. When the recipient
clicks the icon, a Web page opens with an appeal for a donation. The text on
the donation form reads: Terrorist Attacks On September 11, 2001, America was
hit with the worst strike of terrorism in history. Attacks on the World Trade
Center in New York City and the Pentagon in Washington D.C., as well as the
crash of flight #93 in Somerset County, Pennsylvania, have resulted in
countless injuries and the loss of thousands of lives. Your Support Is Needed
In response to these attacks, United Way and the New York Community Trust
have established the September 11th Fund. Your contribution will be used to
help respond to the immediate and longer-term needs of the victims, their
families, and communities affected by the events of September 11. Please,
donate now.
The solicitation and donation form do not come from the American Red Cross,
and information entered into the form doesn't go to the Red Cross. However,
attempting to close the donation form without filling it out prompts the
following pop-up display: Please enter information.To close the donation
form, press Ctrl-Alt-Delete, and Windows will open the Task Manager. From the
Task Manager, highlight and close the Web application hosting the fraudulent
donation form. This should close the form without sending any information.
The <A
HREF="http://www.redcross.org/press/other/ot_pr/011018virus.html&quo...
Red Cross</A> has more information about this Trojan horse and how
to legitimately make an online donation. Removal
At this time, only Symantec has updated its antivirus signature files to
remove this Trojan horse. For more information on removing Septer, see <A
HREF="http://www.symantec.com/avcenter/venc/data/septer.trojan.html&...
Symantec</A>.