13 Sep 2005

Wannabe Trojan author messes up by spamming out faulty code, Sophos comments

The Trojan horses are amongst the most commonly reported malware to Sophos in the last 24 hours.

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of a series of Trojan horses that have been spammed out to millions of email addresses around the world. The Trojan horses account for over 25% of all reports to Sophos in the last 24 hours, but fail to successfully attack recipients' computers because of a bug in their code.

Reports of the Trojan horse are mainly concentrated in the United States and United Kingdom, but Sophos has also had reports from many other countries, including Germany, Italy, Australia, Canada, Zambia, Ecuador, Pakistan, Hong Kong, Thailand and South Africa.

The spammed-out email messages, which have no subject line, typically carry the message text "new price" and an attached file, which can have one of several names, including 09_price.zip, price_new.zip, and price2.zip.

The attached ZIP files all contain files with the extension .CPL. If launched, these .CPL files drop another file onto the user's hard drive, which is then executed. However, because of schoolboy errors in the author's code, they fail to run properly.

Experts at SophosLabs examined the different Trojan horse variants (which go by names such as Troj/Dropper-BB, Troj/Dropper-BC, Troj/Dropper-BD and Troj/Dropper-BE) closely and determined that although designed with malicious intentions, they are harmless to computer users.

"This Trojan horse author has made an ass of himself by sending out this garbage," said Carole Theriault, security consultant at Sophos. "Though everyone is happy that he has failed to write functioning malicious code, he has still clogged inboxes the world over with this junk."

Sophos recommends that all computer users should ensure that they have up-to-date anti-virus software, security patches and a properly configured firewall.

"This malware author has proven that he has the ability to spam out messages to millions of people worldwide," continued Theriault. "It is vital that companies and individuals put appropriate defenses in place to make sure he doesn't write a more effective attack next time."

Sophos users have been automatically protected against the Trojan horses. Sophos recommends that companies protect their email gateways with a consolidated solution to defend against viruses and spam. Businesses should also secure their desktop and servers with automatically updated protection.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.