The Kukudro Trojan horse arrives as an email attachment
Updated 28 June 2006 to include latest prevalence
statistics.
Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have warned of
a Trojan horse that has been spammed out in large quantities to
email users around the world.
The WM97/Kukudro-A Trojan
horse has been spammed out in email messages, which can have a
variety of subject lines including "worth to see", "prices", "Hi",
and "Hello", and accounts for over 35% of all malware reported at
Sophos's global network of monitoring stations in the last 24
hours.
The body of the message reads as follows:
Hello <name>
--
Regards, <name> <email address>
Where <name> and <email address> are changing.
Attached to the email is a zip file (variously called prices.zip,
apple_prices.zip or sony_prices.zip) containing a malicious
Microsoft Word document entitled my_Notebook.doc.
The Word document contains information about Apple, HP and Sony
laptop computers for sale, but secretly attempts to install another
Trojan horse, called W32/Kuku-A, onto the user's
hard drive.
"People may be curious as to why they have been sent the email
and open the attached file, but doing so would be a big mistake,"
said Graham
Cluley, senior technology consultant at Sophos. "This malware
is being aggressively spammed out in an attempt to break into
innocent users' Windows computers. The Trojan horse will try and
download further code from the internet which could allow hackers
to gain access to the computer in order to spy, steal and cause
havoc."
The Word document secretly installs a Trojan
horse onto the PC.
Sophos has been protecting against the WM97/Kukudro-A and
Troj/Kuku-A malware since 14:30 GMT on 27 June 2006.
Sophos recommends that all computer users should ensure that
they are running an anti-virus product which is configured to
automatically update itself, security patches and firewall
software.
Sophos recommends that companies protect their email gateways
with a consolidated solution to defend
against viruses, spyware and spam, as well as apply an email policy
that filters unsolicited executable code at the gateway. Businesses
should also secure their desktop and servers with automatically
updated protection.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.