• Total Posts: 28056
  • Total Topics: 8056
  • Online Today: 1021
  • Online Ever: 51419
  • (01. January 2010., 09:27:49)

Author Topic: Spam Attack: Zipped Trojan  (Read 1946 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Global Moderator
  • *****
  • Posts: 1081
  • KARMA: 22
  • Gender: Male
Spam Attack: Zipped Trojan
« on: 02. June 2007., 18:54:56 »
Spam Attack: Zipped Trojan

Security Response has seen a large spam run of what appears to be the latest in the line of Trojan.Peacomm variants. While this is nothing new, this time around the attachments are in the form of password-protected zip files. The recipient is tricked into unzipping the attachment with the included password, then running the unzipped file, to counteract activity related to an unknown worm (with which the recipient has undoubtedly been infected).

We've seen samples arrive in email messages with subjects including, but not limited to, "ATTN!", "Spyware Alert!", "Spyware Detected!", "Trojan Alert!", "Trojan Detected!", "Virus Activity Detected!", "Virus Alert!", "Virus Detected!", "Warning!", and "Worm Activity Detected!". The attachments are generally a .gif image file (this image contains the zip password) and the executable in the form of patch-[random four digits].zip.

The executable contained within the zip file is detected by Symantec antivirus software as Trojan.Packed.13, and is actually nothing new. It is simply a minor variant of Trojan.Peacomm that has been repacked in an attempt to avoid existing detection. If executed, this sample drops a file named wincom32.sys, which is also already detected, this time as Trojan.Peacomm.

In response to the mass spamming of unsolicited password-protected zip files, Symantec Security Response will be releasing a Trojan.Peacomm!zip detection. This detection is scheduled for release in definitions dated April 12, 2007. While Symantec customers are already protected from this threat with current definitions, it is recommended that users obtain the latest LiveUpdate definitions once they become available.
# Online Anti-Malware Scanners:,734.0.html

Samker's Computer Forum -

Spam Attack: Zipped Trojan
« on: 02. June 2007., 18:54:56 »


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising