New Multi-Stage Trojan Attack Detected

MessageLabs, the leading provider of managed email security services to businesses worldwide, has intercepted a significant number of emails which can lead to the download and installation of a new Trojan on affected machines. The email contains an IFRAME link to a website, which if activated will then redirect the user via a different link. At this point VBS/Inor is activated, and will download ss.exe – the new Trojan.

Name: Unknown
Number of copies intercepted so far: 3669
Time & Date first Captured: 08.38 GMT, 13th July, 2004.

As with other similar pieces of malware, this Trojan relays information back to remote attackers who are then able to access the infected machine.

Email Characteristics

Subject: Various, including:

Amateur swingers
Are you lonely?
Are you looking for companionship?
Are you looking for love?
Are you looking for romance?
Become a friend
Become a intruder
Can me make me beg for your love?
Can you let me be with you?
Can you let me in your dreams?

Detection
MessageLabs detected all strains of this malware proactively, using its unique and patented Skepticâ„? predictive heuristics technology.




Share this