IT security firm Sophos has warned of a Trojan horse that has been spammed out in large quantities to email users around the world, and is currently the number one reported malware to Sophos’s global network of monitoring stations. The Kukudro-A Trojan horse, which uses a variety of subject lines including ‘worth to see’, ‘prices’, and ‘Hello’, accounts for over 35 percent of all malware reports in the last 24 hours.
The spammed emails contain an infected Word document, which includes information about Apple, HP and Sony laptop computers for sale. When opened the Word document attempts to install another Trojan horse, called Kuku-A, onto the user’s hard drive, which can lead to hacker’s gaining access to innocent users’ PCs.
The body of the message reads as follows (with name and email address changing):
Regards, name email address’
Attached to the email is a zip file (variously called prices.zip, apple_prices.zip or sony_prices.zip) containing a malicious Microsoft Word document entitled my_Notebook.doc.’
It is believed that the author behind this malware is the same person who has been writing the Sality worms, which log keystrokes to steal information from computer users.
“People may be curious as to why they have been sent the email and open the attached file, but doing so would be a big mistake,” said Graham Cluley, senior technology consultant at Sophos. “This malware is being aggressively spammed out in an attempt to break into innocent users’ Windows computers. The Trojan horse will try and download further code from the internet which could allow hackers to gain access to the computer in order to spy, steal and cause havoc.”
Sophos has been protecting against the Kukoro-A and Kuku-A malware since 14:30 GMT on 27 June 2006. The company strongly recommends that all organisations protect their email gateways with a consolidated solution to defend against all malware and spam, as well as apply an email policy that filters unsolicited executable code at the gateway. Businesses should also secure their desktops and servers with automatically updated protection.