A huge Trojan spam attack and an isolated vulnerability in Microsoft’s Windows operating system are rising security threats to computer users, researchers say.
A major e-mail spam is in progress in an offer to trick people into infecting their computer with a Trojan masked as a fix for malware, security researchers at Symantec Corp. reported.
The latest versions of the Trojan.Peacomm virus — also known as Storm, Stormy, Small.DAM, CME-711, Dorf, Downloader-BAI, Troj_small.edw and W32/Tibs — are being distributed as part of a "large spam run" with an attached password-protected compressed file known as a zip file, Symantec said in an advisory.
The Trojan saw a resurrection in January linked to spam e-mails whose subject lines referred to breaking news about actual and fictitious events as well as personal expressions of affection.
In the latest infection bid, the e-mail subject lines include — but are not exclusively worded:
- ATTN!
- Spyware Alert!
- Spyware Detected!
- Trojan Alert!
- Trojan Detected!
- Virus Activity Detected!
- Virus Alert!
- Virus Detected!
- Warning!
- Worm Activity Detected!
The attachments are typically a GIF-format image file, which enclose the password for the accompanying zip file whose name starts with "patch" followed by four apparently random digits, Symantec said.
The company said it has issued a detection profile for the zip file and advised people to update their virus definition files. Profiles for the Trojan contained in the zip file would be detected by its software using existing definitions if an infection attempt occurs.
The Trojan tries to install a file that attempts to download another program, which is believed to be linked to spam e-mail. It affects Windows Versions 95, 98, 2000, ME, NT and XP.
Microsoft warns of Windows DNS flaw
In an unrelated security alert, Microsoft said late Thursday that it was probing reports of a vulnerability in versions of its Windows Server operating system, which was being used by attackers to seize control of an affected computer.
The vulnerability allows attackers to anonymously exploit the Domain Name System (DNS) Server Service in Windows Server versions 2000 and 2003. The XP and latest Vista versions of Windows are not affected, Microsoft said in an advisory that recommended a workaround solution until a permanent fix can be developed.
"While the attack appears to be targeted and not widespread, we are monitoring the issue," Microsoft security researcher Adrian Stone wrote in a post to the Microsoft Security Response Center blog on Thursday.
"Our teams are working hard on a security update to address the vulnerability. In the meantime, we encourage customers to review the advisory and implement the workarounds."
Danish security company Secunia rated the flaw "highly critical," it's second-highest ranking on a five-point scale.
|
