The Trojan horses are amongst the most commonly reported malware to Sophos in the last 24 hours.
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of a series of Trojan horses that have been spammed out to millions of email addresses around the world. The Trojan horses are accounting for over 25% of all reports to Sophos in the last 24 hours, but fail to successfully attack recipients' computers because of a bug in their code.
Reports of the Trojan horse are mainly concentrated in the United States and United Kingdom, but Sophos has also had reports from many other countries, including Germany, Italy, Australia, Canada, Zambia, Ecuador, Pakistan, Hong Kong, Thailand and South Africa.
The spammed-out email messages, which have no subject line, typically carry the message text "new price" and an attached file which can have one of several names, including 09_price.zip, price_new.zip, and price2.zip.
The attached ZIP files all contain files with the extension .CPL. If launched, these .CPL files drop another file onto the user's hard drive, which is then executed. However, because of schoolboy errors in the author's code, they fail to run properly.
Experts at SophosLabs examined the different Trojan horse variants (which go by names such as Troj/Dropper-BB, Troj/Dropper-BC, Troj/Dropper-BD and Troj/Dropper-BE) closely and determined that although designed with malicious intentions, they are harmless to computer users.
"This Trojan horse author has made an ass of himself by sending out this garbage," said Carole Theriault, security consultant at Sophos. "Though everyone is happy that he has failed to write functioning malicious code, he has still clogged inboxes the world over with this junk."
Sophos recommends that all computer users should ensure that they have up-to-date anti-virus software, security patches and a properly configured firewall.
"This malware author has proven that he has the ability to spam out messages to millions of people worldwide," continued Theriault. "It is vital that companies and individuals put appropriate defenses in place to make sure he doesn't write a more effective attack next time."
Sophos users have been automatically protected against the Trojan horses. Sophos recommends that companies protect their email gateways with a consolidated solution to defend against viruses and spam. Businesses should also secure their desktops and servers with automatically updated protection.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.