Sophos, a world leader in anti-virus and anti-spam protection
for businesses, warns of a new Trojan called Mmdload
(Troj/Mmdload-A) which is the latest piece of malware attempting to
dupe users into disclosing their bank account details. Sophos has
received several reports of this Trojan circulating in the wild
which hints that the email message may have been spammed out.
Mmdload arrives as a zipped attachment in an email which carries
exactly the same subject line and text used by the recent Mimail-N worm. The
message offers recipients the chance to win some cash, which will
be placed directly in their bank accounts, as long as they fill in
the form asking for personal financial details.
Once the attachment is unzipped and its file, PAYPAL.exe, is
launched, the Trojan attempts to contact a Russian website,
www.aquarium-fish.ru, to download a copy of Mimail-N giving it a
new lease of life by enabling it to bypass email gateway
protection. This is the same website to which Mimail-N worm
attempts to send the completed PayPal forms.
"This is the latest Trojan 'phishing' for personal financial
data," said Carole Theriault, security consultant at Sophos. "The
malicious coders know that not everyone who receives the email will
be a PayPal customer, but similar to the mindset of spammers, if
only a few people fall for the ruse, there is an opportunity to
drain bank accounts."
As well as desktop anti-virus protection, Sophos recommends that
companies consider blocking all programs at the email gateway. It
is rarely necessary to allow users to receive programs via email
from the outside world. There is so little to lose, and so much to
gain simply by blocking all emailed programs, regardless of whether
they contain viruses or not.
"Best practice for business should include automatic blocking of
all executable code at the email gateway," continued Theriault.
"Reputable companies do not send out files in this way, and users
should think twice before they click on unsolicited email
messages."
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.