Risk: Medium
Hackers have used spamming software to distribute thousands of copies of a new Trojan. Email filtering firm MessageLabs alone has intercepted more than 4,000 copies of the Demonize-T Trojan.
Demonize-T is a multi-stage Trojan that uses an object data exploit in Internet Explorer to download and execute an encoded Visual Basic script from a web site. The Trojan then creates an executable file, which appears to download a malicious program from the same web site as the original script. Early analysis suggests Demonize-T is similar to previous attacks where malicious code has been used to install key loggers and password stealers.
Spammers are increasingly using infected machines as a platform to distribute spam, and this technique has come full circle, with virus writers using spam to infect machines in the first place.
Hackers are adopting the tactics of spammers more and more in their attempts to seize control of as many machines as possible. MessageLabs typically blocks four or five bulk mail batches of Trojans a day. Most of these involve fewer than 20 messages, so the new attack, with more than 4,000 messages blocked in the space of only 24 hours, is far more intense. MessageLabs detected Demonize-T proactively, using its Skeptic predictive heuristics technology.