Over 120,000 emails containing a downloader Trojan named Small.bdq have been sent to a highly targeted group of UK businesses since 9.10pm on 15 July, security experts warned today.
According to email security company BlackSpider Technologies, the Trojan is distinguished by its targeting specific companies across Europe during 10-minute periods, probably using spammers' directory lists.
The targeted businesses vary in size and industry sector, and the attack is continuing into Monday morning. BlackSpider reported on a similar attack on 8 July.
The window of exposure before the first of BlackSpider's antivirus vendors issued a patch was 12 hours and 30 minutes, during which time an estimated 58,000 copies of the Trojan were sent out.
Subject lines vary and include: 'Security', 'Support', 'Update', 'Mail', 'Networking' and 'Security Update'.
The email claims to be from an individual's IT team warning that their system has been compromised and is distributing spam. The content is as follows:
Dear [email protected] user
Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service.
If you choose to ignore our request, you leave us no choice but to cancel your membership.
Virtually yours, Network Administrator Team."
The attachment is a 2.8KB packed executable MEW file with the filename 'zam.exe'. The attachment is too small to replicate or cause any damage itself, but the executable downloads harmful content from a URL.
John Cheney, chief executive at BlackSpider, said: "We have been warning businesses that malware writers' motivations are evolving from simply wanting the kudos of creating a mass mailer to financial gain. This latest Small Trojan demonstrates this shift.
"As well as bulk distribution, we noticed specific customers of varying sizes and industries being targeted during 10-minute windows.
"The effects of the Trojan have not yet been revealed but businesses should be aware that its purpose may well be to uncover sensitive corporate information, perhaps via a key-logging tool."
Australian government to require technology and communications companies to provide access to messages
New bill avoids demanding 'backdoors' in encryption, but includes measures to compel companies to provide access to encrypted communications
Indonesian overclocker Ivan Cupa (with the aid of a lot of liquid nitrogen) achieves record overclock on AMD's latest Threadripper
Ssupermassive black hole is so big it corresponds to four per cent of the galaxy's total mass
Imminent attack will target a single bank with cloned cards used to fraudulently withdraw millions over one weekend