New Trojan horse travels by spam

Security firm warns thousands of systems may have been infected in just one morning

Antivirus and e-mail security companies are sending out warnings about a new Trojan horse program that they claim is being mass-distributed on the Internet through spam.

The program, called Backdoor-CGT, is a new form of a Trojan horse installed after email recipients using Microsoft Outlook follow a weblink embedded in an email message. The Trojan horse is believed to have infected thousands of systems on the Internet since appearing early Tuesday, even though antivirus software and up-to-date versions of Outlook are immune to attack, according to Maksym Schipka, senior antivirus researcher at MessageLabs.

MessageLabs received more than 3600 email messages with links to the Trojan horse during a two-hour period early on Tuesday. The numbers indicated a massive and uncharacteristic spam distribution more than ten times what is normal for such a program, Schipka says.

Trojan horse programs give remote attackers access to or control over machines on which they run, and often run unnoticed by computer users, or pose as legitimate software applications.

The Backdoor-CGT Trojan uses a "multistage" attack to place malicious code on victims' computers. After clicking on an email link embedded in the spam message, victims go to a series of websites, each of which carries out one stage in the attack. The attack takes advantage of a now-patched flaw in Outlook called the "IFRAME" exploit to hide the website redirections from the user and silently download and install the Backdoor-CGT program, Schipka says.

Once installed, Backdoor-CGT selects a communications port at random and opens it, creating a back door on infected systems that is used to communicate with a server on the Internet supposedly controlled by those behind the attacks. The website used by the compromised machines is registered in the .biz Web domain to an individual in the Czech Republic and was still online, though slowed by heavy traffic, on Tuesday, he says.

Antivirus product vendor McAfee has also released an advisory about the new Trojan program, also known as "SS". The company has updated its virus definition files to detect the new Trojan program. However, McAfee's Tuesday bulletin rates the virus "low", indicating it does not pose a great threat to either home or business users.

Other antivirus companies did not immediately respond to requests for information about Backdoor-CGT. It is not clear whether other companies are aware of it, or whether other antivirus software programs can spot the new malicious program.

However, before the Trojan program can be downloaded and installed, the attackers try to place a common version of another program, called a "dropper", that antivirus programs can spot, thwarting infections, Schipka adds.

Microsoft Outlook users are advised to apply the latest software patch for the product to prevent infection, he says.

