Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43424
  • Total Topics: 16521
  • Online today: 2687
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 1
Guests: 2686
Total: 2687









Post reply

Name:
Email:
Subject:
Message icon:

Verification:
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

shortcuts: hit alt+s to submit/post or alt+p to preview


Topic Summary

Posted by: Amker
« on: 02. June 2007., 19:54:56 »

Spam Attack: Zipped Trojan

Security Response has seen a large spam run of what appears to be the latest in the line of Trojan.Peacomm variants. While this is nothing new, this time around the attachments are in the form of password-protected zip files. The recipient is tricked into unzipping the attachment with the included password, then running the unzipped file, to counteract activity related to an unknown worm (with which the recipient has undoubtedly been infected).

We've seen samples arrive in email messages with subjects including, but not limited to, "ATTN!", "Spyware Alert!", "Spyware Detected!", "Trojan Alert!", "Trojan Detected!", "Virus Activity Detected!", "Virus Alert!", "Virus Detected!", "Warning!", and "Worm Activity Detected!". The attachments are generally a .gif image file (this image contains the zip password) and the executable in the form of patch-[random four digits].zip.

The executable contained within the zip file is detected by Symantec antivirus software as Trojan.Packed.13, and is actually nothing new. It is simply a minor variant of Trojan.Peacomm that has been repacked in an attempt to avoid existing detection. If executed, this sample drops a file named wincom32.sys, which is also already detected, this time as Trojan.Peacomm.

In response to the mass spamming of unsolicited password-protected zip files, Symantec Security Response will be releasing a Trojan.Peacomm!zip detection. This detection is scheduled for release in definitions dated April 12, 2007. While Symantec customers are already protected from this threat with current definitions, it is recommended that users obtain the latest LiveUpdate definitions once they become available.

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023