Since September 5th, there has been information in the media about a trojan called Donald Duck, which is said to spread with a variant of the Love Letter worm. F-Secure is not aware of such a variant of Love Letter. Instead, there has been a hacker attack against an ISP in the Philippines, where the hackers were spreading two known trojans called "donald.exe" and "erap.exe" as e-mail attachments. These files are detected by F-Secure Anti-Virus as SubSeven.backdoor.v213 and Trojan.PSW.Barok.c.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.
You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.
According to reports, the messages that were circulating among the users of the ISP had the following subjects:
"DHL PROMO FREE!!! (fwd)"
Descriptions of the SubSeven and Barok trojans can be found on our virus information pages:
A description of the LoveLetter worm can be found at:
Technical Details:F-Secure Corporation September 6, 2000