|
| The Trojan horses are amongst the most commonly
reported malware to Sophos in the last 24 hours. |
Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have warned of
a series of Trojan horses that have been spammed out to millions of
email addresses around the world. The Trojan horses are accounting
for over 25% of all reports to Sophos in the last 24 hours, but
fail to successfully attack recipients' computers because of a bug
in their code.
Reports of the Trojan horse are mainly concentrated in the
United States and United Kingdom, but Sophos has also had reports
from many other countries, including Germany, Italy, Australia,
Canada, Zambia, Ecuador, Pakistan, Hong Kong, Thailand and South
Africa.
The spammed out email messages, which have no subject line,
typically carry the message text "new price" and an attached file
which can have one of several names, including 09_price.zip,
price_new.zip, and price2.zip.
The attached ZIP files all contain files with the extension
.CPL. If launched these .CPL files drop another file onto the
user's hard drive which is then executed. However, because of
schoolboy errors in the author's code they fail to run
properly.
Experts at SophosLabs examined the different Trojan horse
variants (which go by names such as Troj/Dropper-BB,
Troj/Dropper-BC,
Troj/Dropper-BD and
Troj/Dropper-BE)
closely and determined that although designed with malicious
intentions, they are harmless to computer users.
"This Trojan horse author has made an ass of himself by sending
out this garbage," said Carole Theriault, security
consultant at Sophos. "Though everyone is happy that he has failed
to write functioning malicious code, he has still clogged inboxes
the world over with this junk."
Sophos recommends that all computer users should ensure that
they have up-to-date anti-virus software, security patches and a
properly configured firewall.
"This malware author has proven that he has the ability to spam
out messages to millions of people worldwide," continued Theriault.
"It is vital that companies and individuals put appropriate
defenses in place to make sure he doesn't write a more effective
attack next time."
Sophos users have been automatically protected against the
Trojan horses. Sophos recommends that companies protect their email
gateways with a consolidated solution to
defend against viruses and spam. Businesses should also secure
their desktop and servers with automatically updated
protection.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.