The Trojan horse has been spammed around the
world, and attempts to disable anti-virus and other security
software.
Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have warned of
a Trojan horse that has been spammed out to millions of email
addresses around the world.
The spammed out email messages, which have no subject line,
typically carry the message text "new price" and an attached file
which can have one of several names, including 09_price.zip,
price_new.zip, and price2.zip.
The attached ZIP files all contain a malicious file called
price.exe, which is the Troj/BagleDl-U Trojan
horse. If launched, the Trojan horse makes changes to the registry,
runs Windows Notepad to act as a decoy, and attempts to turn off
anti-virus and security-related software on the infected computer,
opening the door for attack by remote hackers. The Trojan horse
also tries to download further code from the internet.
"This Trojan horse is being aggressively seeded by its creator,
using spam technology, to distribute malicious code to as many
vulnerable computers as possible, in the shortest amount of time,"
said Graham
Cluley, senior technology consultant at Sophos. "Anyone
unfortunate enough to run this program is running the risk of
allowing hackers to gain access to their computer to spy, steal and
cause havoc."
Sophos recommends that all computer users ensure they are running
an anti-virus product that is configured to update itself
automatically, along with security patches and firewall
software.
"Keeping anti-virus software up-to-date is a must. Regular
anti-virus updates combined with sensible safe computing policies
and strong email policy at the gateway reduce the risk of threats
like this to a minimum," continued Cluley. "We would be surprised
if the malware author stops at this point - it's likely they will
release further variants in an attempt to hit as many people as
possible."
Sophos recommends that companies protect their email gateways
with a consolidated solution to defend
against viruses and spam, as well as apply an email policy that
filters unsolicited executable code at the gateway. Businesses
should also secure their desktops and servers with automatically
updated protection.