Over 120,000 emails containing a downloader Trojan named Small.bdq have been sent to a highly targeted group of UK businesses since 9.10pm on 15 July, security experts warned today.
According to email security company BlackSpider Technologies, the Trojan is distinguished by its targeting specific companies across Europe during 10-minute periods, probably using spammers' directory lists.
The targeted businesses vary in size and industry sector, and the attack is continuing into Monday morning. BlackSpider reported on a similar attack on 8 July.
The window of exposure before the first of BlackSpider's antivirus vendors issued a patch was 12 hours and 30 minutes, during which time an estimated 58,000 copies of the Trojan were sent out.
Subject lines vary and include: 'Security', 'Support', 'Update', 'Mail', 'Networking' and 'Security Update'.
The email claims to be from an individual's IT team warning that their system has been compromised and is distributing spam. The content is as follows:
Dear [email protected] user
Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service.
If you choose to ignore our request, you leave us no choice but to cancel your membership.
Virtually yours, Network Administrator Team."
The attachment is a 2.8KB packed executable MEW file with the filename 'zam.exe'. The attachment is too small to replicate or cause any damage itself, but the executable downloads harmful content from a URL.
John Cheney, chief executive at BlackSpider, said: "We have been warning businesses that malware writers' motivations are evolving from simply wanting the kudos of creating a mass mailer to financial gain. This latest Small Trojan demonstrates this shift.
"As well as bulk distribution, we noticed specific customers of varying sizes and industries being targeted during 10-minute windows.
"The effects of the Trojan have not yet been revealed but businesses should be aware that its purpose may well be to uncover sensitive corporate information, perhaps via a key-logging tool."
Resetting the telemetry circuits and associated boards brought the instrument back to operations mode
Fortnite news and updates: Flaw in Fortnite authentication could have helped attackers steal player login credentials
Attackers could have used Fortnite security flaw to buy in-game currency on players' stored credit cards
New photos show cotton seeds sprouting in sealed container - with other plants expected to sprout within days
Sudden increases in availability of sniper rifles on Vikendi