Threat Advisory Center
Spam Attack: Zipped Trojan

Security Advisories

Trojan.Peacomm is a trojan horse that is being spread by unsolicited spam email.
Detections: Trojan.Peacomm, Trojan.Peacomm!zip

What It Is

Massive new surge of Storm Trojan email spam

Symantec Security Response is currently monitoring a massive surge of email spam containing the threat Trojan.Peacomm (also known as the Storm Trojan). This spam surge is one of the largest identified surges in the last several months. This threat was originally discovered in January 2007 but has been repackaged in this particular spam surge. The specific characteristics of this attack have continued to evolve over time and this is simply the latest example of the attackers attempting to compromise large numbers of unprotected systems.

This trojan horse arrives as an attachment to an email purporting to contain a security patch. The email appears to warn the user about a malicious threat and implies that the file attachment is a security patch that will protect the user from this threat. However, the attachment itself is a malicious threat. The email may have one of the following subject lines:

Worm Detected!
[UNABLE TO SCAN] Worm Detected!
[WARNING - ENCRYPTED ATTACHMENT NOT VIRUS SCANNED] Virus Alert!
[WARNING - ENCRYPTED ATTACHMENT NOT VIRUS SCANNED] Worm Detected!
Worm Detected!
Undeliverable: Virus Det
[ATTENTION - NON TRAIT? PAR ANTIVIRUS -- WARNING - NOT VIRUS SCANNED]%s
Virus Detected!ected!
Virus Activity Detected!
ATTN!
Spyware Alert!
Spyware Detected!
Warning!
Trojan Alert!
Trojan Detected!
Worm Activity Detected!
Virus Alert!

The sender name may be one of the following:
Abuse Team
Customer Support Center
Customer Support Center Robot
Customer Support
Customer Support Robot

Given the changing nature of this threat, it is likely that subject lines or attachment names may differ from the list provided above. Users are encouraged not to open emails with similar subject lines.

The attachment is a password-protected ZIP file. It contains a trojan horse that will install itself on the system as a system driver and then will download other malicious programs from various computers on the Internet. The file contained within the ZIP file will be detected as Trojan.Packed.13. If the user executes this file it will create another file that will be detected as Trojan.Peacomm.
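The three traits described above (subject line, sender name, password-protected ZIP attachment) can be combined into a mail-gateway triage check. The following is an added example, not Symantec's detection logic: the quarantine policy, the function names and the sample message are assumptions, and the constructed sample ZIP only has its encryption flag set, it holds a harmless text file.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Keyword shape shared by most subject lines in the advisory; a bracketed tag may
# precede it. Generic ones ("ATTN!", "Warning!") are left out to limit false hits.
SUBJECT_RE = re.compile(
    r"\b(worm|virus|trojan|spyware)\s+(activity\s+)?(alert|detected)!", re.I)
SENDER_NAMES = {"abuse team", "customer support center", "customer support",
                "customer support center robot", "customer support robot"}

def zip_is_encrypted(data: bytes) -> bool:
    """True if any member has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def triage(raw: bytes) -> dict:
    """Score one RFC 5322 message against the advisory's three traits."""
    msg = message_from_bytes(raw, policy=policy.default)
    name, _ = parseaddr(str(msg.get("From", "")))
    hits = {
        "subject": bool(SUBJECT_RE.search(str(msg.get("Subject", "")))),
        "sender": name.strip().lower() in SENDER_NAMES,
        "encrypted_zip": any(zip_is_encrypted(p.get_payload(decode=True) or b"")
                             for p in msg.iter_attachments()),
    }
    # Hypothetical policy: an unscannable archive plus either lure trait.
    hits["quarantine"] = hits["encrypted_zip"] and (hits["subject"] or hits["sender"])
    return hits

def constructed_sample(subject: str, sender: str, encrypted: bool) -> bytes:
    """Constructed test message; the ZIP holds a harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample")
    data = bytearray(buf.getvalue())
    if encrypted:  # set flag bit 0 in the central directory entry only
        data[data.find(b"PK\x01\x02") + 8] |= 0x1
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, sender, "user@example.com"
    msg.set_content("see attachment")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="patch.zip")
    return msg.as_bytes()
```

Because the encryption flag is readable without the password, the check works even though the archive contents cannot be scanned.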

Symantec Security Response will be releasing updated virus detection signatures later in the day on April 12 (Pacific time zone) that will detect the password-protected ZIP file attachment as Trojan.Peacomm!zip. All previous variants of this threat are already detected and removed with existing virus definition signatures.

Symantec also strongly urges users to be cautious of any unsolicited email that contains attachments that claim to be legitimate or interesting. The technique of using interesting subject lines or attachment names in emails in order to distribute malicious code is known as "social engineering". This technique has been used by threat writers for many years and, unfortunately, is often successful against unprotected users.

More detailed information on this threat can be found on the Symantec Security Response Blog.

Protect Yourself

To reduce the possibility of being affected by threats exploiting this vulnerability, Symantec Security Response advises users to do the following:

  1. Keep antivirus and IPS detection signatures updated.
  2. Never click on attachments or web links from unsolicited emails.
  3. Regularly apply security patches and updates to all major software installed on the computer.
  4. Use a security solution that contains antivirus and client firewall technologies, such as Symantec Client Security or Norton Internet Security, to protect against today's known and tomorrow's unknown threats.
  5. Organizations should install and maintain a perimeter firewall to protect the entire internal network. Be sure to use permit-by-exception rules on the firewall.
  6. Organizations should check all external systems for security compliance before permitting any connectivity to an internal network.
If you own Symantec Products:

If you own Norton 360, Norton AntiVirus, Norton Internet Security, Symantec Client Security or Symantec AntiVirus, Live Update will automatically install the latest virus definitions and intrusion prevention security updates.


Symantec Security Response will closely monitor further information related to this vulnerability and will provide updates and security content as necessary.


