UK firms blitzed by zero-day Trojan attack

IRC.Backdoor.Trojan uses social engineering techniques to appeal to recipients' curiosity

More than 275,000 emails containing a Trojan have been sent to UK businesses since 6.20am this morning, giving hackers a three-hour window to infect machines before a patch was issued at 9.20am, a security firm has claimed.

Security services firm BlackSpider Technologies said that today's incident is the second in four days that uses social engineering techniques to appeal to recipients' curiosity.

The subject line of the infected emails, which purport to be sent by a work colleague, implies that an attached photograph or article requires the recipient's approval.

When the attachment is opened, however, the IRC.Backdoor.Trojan is downloaded to the unwitting recipients' PCs.

The body of the email simply contains the word 'hello'. The subject lines include: Photo and Article, Requesting Photo Approval, Photo Approval needed, Photo Approval, Photo Approval Deadline, Photo Approval Required, Photo, Campus Life, Campus Life Article approval deadline.

The attachment is a file named 'Photo and Article.zip', containing an executable of the same name, which is an 8KB UPX packed executable.

James Kay, chief technology officer at BlackSpider, said: "After a relatively quiet period, it appears that virus writers are again resorting to launching a succession of attacks that rely on people's curiosity or egos.

"However quiet things seem, unprotected businesses are always at risk."