
Trojan Hitches a Ride on Hot News

  • Posted: January 22, 2007
  • Threat category: Uncategorized
  • Author: Virus analyst

Barely a day after a storm carrying 200 kph winds lashed Europe, a spammed Trojan already claims to have the story in full detail. This Trojan hitches a ride on email messages whose subjects carry the latest news. One example of the spammed mail has the subject “230 dead as storm batters Europe”. Other subjects can be any of the following:





  • A killer at 11, he’s free at 21 and kill again!

  • British Muslims Genocide

  • U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel


The spam mail lures its recipients into opening its attachment by using file names such as full Clip.exe, full Story.exe, full Video.exe, and read More.exe.



This Trojan, detected by Trend Micro as TROJ_SMALL.EDW, is currently in the wild and raising infection counts in Japan. It downloads other possibly malicious files from certain Web sites. Trend Micro advises users to refrain from opening unsolicited email messages.



Update (Roberto Tayag, Sun, 21 Jan 2007 12:43:35 PM)



We have seen a burst of emails from this Trojan, as well as updates to the malware itself and its emails. Our own honeypot has already received 29,000++ samples of this Trojan. We have received reports that this particular sample is creating a P2P botnet. We are now confirming this one as of writing. We will update you as soon as possible.




Update (Sheryll Tiauzon, Mon, 22 Jan 2007 09:29:05 AM)



Well, this malware has certainly stirred up quite a storm these past few days. It is worth mentioning that this file is actually the file dropped by WORM_NUWAR.CQ. It then in turn drops a file, wincom32.sys, and registers itself as a service to enable automatic execution at system startup. The file wincom32.sys actually possesses rootkit capabilities, which permit certain files and processes to remain hidden, though they are not entirely impossible to detect.



Aside from the reports that it also tries to establish a peer-to-peer connection, below is an updated list of email subjects and email attachments used by the malware.



Subject: (any of the ff.)



  • 230 dead as storm batters Europe.

  • A killer at 11, he’s free at 21 and kill again!

  • British Muslims Genocide

  • U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel




Attachment: (any of the ff.)



  • Full Clip.exe

  • Full Story.exe

  • Full Video.exe

  • Read More.exe

  • Video.exe




Here’s a sample of the email:





To help protect against this threat, it would be advisable to block email attachments with executable files. Also block access to the following URLs:





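One way to implement the attachment-blocking advice at a mail gateway, shown as an added example that is not Trend Micro's code: it flags parts by executable extension and also by PE header, so a renamed executable is still caught. The extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Assumed policy list of directly executable Windows extensions (not exhaustive).
BLOCKED_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}

def blocked_attachments(raw_bytes):
    """Return [(filename, reason)] for every MIME part a gateway should strip."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() also decodes RFC 2231 encoded file names.
        name = (part.get_filename() or "").strip()
        # Windows ignores trailing dots and spaces, so "Video.exe." still runs.
        ext = os.path.splitext(name.rstrip(". ").lower())[1]
        payload = part.get_payload(decode=True) or b""
        if ext in BLOCKED_EXT:
            hits.append((name, "executable extension " + ext))
        elif payload[:2] == b"MZ":
            # DOS/PE magic bytes: an executable hiding behind another name.
            hits.append((name or "<unnamed>", "PE header despite file name"))
    return hits

def build_sample():
    """Constructed test message: harmless stub bytes, not a real sample."""
    m = EmailMessage()
    m["Subject"] = "230 dead as storm batters Europe"
    m["From"] = "sender@example.invalid"
    m["To"] = "user@example.invalid"
    m.set_content("Read the full story in the attachment.")
    stub = b"MZ" + b"\x00" * 62
    m.add_attachment(stub, maintype="application",
                     subtype="octet-stream", filename="Full Story.exe")
    m.add_attachment(stub, maintype="image",
                     subtype="jpeg", filename="storm.jpg")
    m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                     subtype="pdf", filename="report.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    for name, reason in blocked_attachments(build_sample()):
        print(f"BLOCK {name!r}: {reason}")
```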
