Since September 5th, there has been information in the media about a trojan called Donald Duck, which is said to spread with a variant of the Love Letter worm. F-Secure is not aware of such a variant of Love Letter. Instead, there has been a hacker attack against an ISP in the Philippines, where the hackers were spreading two known trojans called "donald.exe" and "erap.exe" as email attachments. These files are detected by F-Secure Anti-Virus as SubSeven.backdoor.v213 and Trojan.PSW.Barok.c.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
According to reports, the messages that were circulating among the users of the ISP had the following subjects:
"DHL PROMO FREE!!! (fwd)"
Descriptions of the SubSeven and Barok trojans can be found on our virus information pages:
A description of the LoveLetter worm can be found at: