Spiga

Zipped Trojan Storms Back in Internet World



Symantec has identified a new spam attack carrying the threat Trojan.Peacomm, or Storm Trojan, which is being distributed via a password-protected ZIP file.

Symantec has detected more than 2 million spam messages distributed worldwide, targeting mostly English-speaking countries and affecting both consumers and enterprises. This prompted Symantec Security Response to raise the ThreatCon level to Level 2, with Level 4 being the highest alert. This threat was originally discovered in January 2007 but has been repackaged in this particular spam surge. This trojan horse arrives as an attachment to an email purporting to contain a security patch. The email appears to warn the user about a malicious threat and implies that the file attachment is a security patch that will protect the user from this threat.

However, the attachment itself is a malicious threat. The attachment is a password-protected ZIP file. It contains a trojan horse that will install itself on the system as a system driver and then will download other malicious programs from various computers on the Internet. The file contained within the ZIP file will be detected as Trojan.Packed.13. If the user executes this file it will create another file that will be detected as Trojan.Peacomm.

Messages of this type arrive with subject lines such as:
Worm Detected!
[UNABLE TO SCAN] Worm Detected!
[WARNING - ENCRYPTED ATTACHMENT NOT VIRUS SCANNED] Virus Alert!
[WARNING - ENCRYPTED ATTACHMENT NOT VIRUS SCANNED] Worm Detected!
Worm Detected!
Undeliverable: Virus Det

To reduce the possibility of being affected by threats exploiting this vulnerability, do the following:
Keep antivirus and IPS detection signatures updated.
Never click on attachments or web links from unsolicited emails.
Regularly apply security patches and updates to all major software installed on the computer.
Use a security solution that contains antivirus and client firewall technologies, such as Symantec Client Security or Norton Internet Security, to protect against today's known and tomorrow's unknown threats.
Organizations should install and maintain a perimeter firewall to protect the entire internal network. Be sure to use permit-by-exception rules on the firewall.
Organizations should check all external systems for security compliance before permitting any connectivity to an internal network.
