Donald Duck

Threat description

Details

CATEGORYMalware
TYPETrojan

Summary

Since September 5th, there has been information in the media about a trojan called Donald Duck, which is said to spread with a variant of the Love Letter worm. F-Secure is not aware of such a variant of Love Letter. Instead, there has been a hacker attack against an ISP in the Philippines, where the hackers were spreading two known trojans called "donald.exe" and "erap.exe" as e-mail attachments. These files are detected by F-Secure Anti-Virus as SubSeven.backdoor.v213 and Trojan.PSW.Barok.c.



Removal

Automatic action

Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.

More scanning & removal options

More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

Technical Details

According to reports, the messages that were circulating among the users of the ISP had the following subjects:

"DHL PROMO FREE!!! (fwd)"  

and

"erap Estrada".  

Descriptions of the SubSeven and Barok trojans can be found on our virus information pages:

https://www.europe.F-Secure.com/v-descs/subseven.shtml https://www.europe.F-Secure.com/v-descs/barok.shtml

A description of the LoveLetter worm can be found at:

https://www.Europe.F-Secure.com/v-descs/love.shtml

Submit a Sample

Suspect a file or URL was wrongly detected?
Send it to our Labs for further analysis

Submit a Sample

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

More Info