Storm Trojan Makes a Fresh Outbreak

An outbreak of spam messages has occurred on a massive scale with a new Trojan horse virus wrapped in their attachments. The threat started circulating since Thursday April 12, 2007 and has affected many computers.

Soon after its early attacks, the security response team of Symantec said on April13, 2007 that their experts have been tracking a surge of spam mails carrying the Trojan.Peacomm threat. The Peacomm Trojan is also known as the Storm Trojan.

Symantec Security Response has labeled the ThreatCon to Level 2 where Level 4 is the top most alert. Symantec has found the spam wave to consist of 2 million spam mails, the largest volume in the last few months. These e-mails have been targeting businesses and consumers of English speaking nations. This spam assault is one of the phases of the spread of Storm Trojan since its emergence in January 2007.

According to Symantec, hackers have repackaged the new spam wave in addition to existing spams so that it spreads faster under the same series of campaign.

The attack is twisted in the way the attacker has used a social engineering technique to infect users with the Trojan horse. The subject heads appear to warn people about detection of a fake virus. They read as "Trojan Detected!" or "Virus Activity Detected" that try to fool people into opening a Zip file attachment.

Although the e-mail seems to caution the recipient about a malware and tries to impress that its file attachment serves as a security patch, it actually tricks the recipient into opening it. Once done the attachment installs the real malware, the Trojan.Peacomm.

The attachment carrying the worm is a Zip file that is password-protected. On clicking on it, the virus places itself on the system behaving like a system driver. It then starts downloading many other malicious programs from the Internet.

Symantec is already protecting its customers against the virus inside the Zip file by means of virus definitions the company issued in January 2007. Therefore, it urges users to download the new virus definitions to help them spot the Zip file.

Related article: Storm Worm Returns with Follow-Up Attack

» SPAMfighter News - 4/23/2007