
19 January 2007

Trojan spam storm hits inboxes, races to top of malware charts

Malware spammed out en masse, accounting for 1 in 200 emails in last 12 hours

The emails pose as breaking news stories.

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of a widespread spam campaign that poses as a breaking news report, but is really an attempt to lure innocent computer users into being infected by a Trojan horse and attacked by hackers.

The distribution has been so widespread that since midnight GMT the Trojan has accounted for over two thirds of all malware reports seen at Sophos's global network of monitoring stations, equivalent to an infection rate of 1 in 200 of all emails being sent across the net.

Subject lines used in the malicious emails include, but may not be limited to, the following:

Attached to the emails are files with names such as Full Clip.exe, Full Story.exe, Full Video.exe, Read More.exe and Video.exe, which contain malicious code.

"Whoever is behind this spam campaign has generated an aggressive storm of email in the last 12 hours, and some inboxes will be feeling battered by the deluge. On average, 1 in every 200 emails that people have received since midnight are likely to be infected by this Trojan horse," explained Graham Cluley, senior technology consultant for Sophos. "Receiving or reading the emails themselves does not mean that you will be infected. However, users must be very careful not to click on the attached file inside the emails as that will install a Trojan horse on their computer and put your PC in peril."

Sophos experts believe that the hackers have deliberately chosen a subject line related to storms as European countries have been hit hard by bad weather this week.

"Bad weather has been making headline news across Europe in the last couple of days, with a number of accidental deaths caused by the high winds reported," continued Cluley. "Hackers are deliberately exploiting public interest in breaking news stories like this in their attempt to silently infect innocent users' PCs."

Sophos products detect the malicious Trojans seen so far as Troj/DwnLdr-FYD and Troj/Small-DOR (also known as Small.DAM) and will intercept future variants proactively as Mal/EncPk-B using Behavioral Genotype® Protection. Sophos's anti-spam products also intercept the emails before they reach users' inboxes.

Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution at the email gateway to defend against malware, spyware and spam.


About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.
