All the latest UK technology news, reviews and analysis
|
|
|
18 Jul 2005
Over 120,000 emails containing a downloader Trojan named Small.bdq have been sent to a highly targeted group of UK businesses since 9.10pm on 15 July, security experts warned today.
According to email security company BlackSpider Technologies, the Trojan is distinguished by its targeting specific companies across Europe during 10-minute periods, probably using spammers' directory lists.
The targeted businesses vary in size and industry sector, and the attack is continuing into Monday morning. BlackSpider reported on a similar attack on 8 July.
The window of exposure before the first of BlackSpider's antivirus vendors issued a patch was 12 hours and 30 minutes, during which time an estimated 58,000 copies of the Trojan were sent out.
Subject lines vary and include: 'Security', 'Support', 'Update', 'Mail', 'Networking' and 'Security Update'.
The email claims to be from an individual's IT team warning that their system has been compromised and is distributing spam. The content is as follows:
"Security alert
Dear cygan@alfa.com user
Your e-mail account was used to send a huge amount of unsolicited spam messages
during the recent week. If you could please take 5-10 minutes out of your online
experience and confirm the attached document so you will not run into any future
problems with the online service.
If you choose to ignore our request, you leave us no choice but to cancel your
membership.
Virtually yours, Network Administrator Team."
The attachment is a 2.8KB packed executable MEW file with the filename 'zam.exe'. The attachment is too small to replicate or cause any damage itself, but the executable downloads harmful content from a URL.
John Cheney, chief executive at BlackSpider, said: "We have been warning businesses that malware writers' motivations are evolving from simply wanting the kudos of creating a mass mailer to financial gain. This latest Small Trojan demonstrates this shift.
"As well as bulk distribution, we noticed specific customers of varying sizes and industries being targeted during 10-minute windows.
"The effects of the Trojan have not yet been revealed but businesses should be aware that its purpose may well be to uncover sensitive corporate information, perhaps via a key-logging tool."
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
My client is a well established, non profit organisation;...
PHP Web Developer – £30,000 - £35,000 PHP, MySQL, HTML...
HEAD OF DIGITAL - London - £80-95K + Excellent Bens...
Agile C# Developer - (North London) £55,000 - £65,000...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?