Trojan.Peacomm

Risk Level 2: Low

Discovered: January 19, 2007
Updated: January 19, 2007 6:52:29 PM
Also Known As: Small.DAM [F-Secure], CME-711 [Common Malware Enumeration], Troj/Dorf-Fam [Sophos], Downloader-BAI!M711 [McAfee], TROJ_SMALL.EDW [Trend], W32/Tibs [Norman], Troj/Dorf-J [Sophos], W32/Zhelatin.gen!eml [McAfee], Email-Worm.Win32.Zhelatin [Kaspersky]
Type: Trojan
Infection Length: 29,347 bytes; 30,720 bytes; 32,387 bytes; 34,816 bytes (varies)
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Trojan.Peacomm is a Trojan horse that drops a driver program file to download another program. It is reportedly attached to spammed email. It may also be dropped by W32.Mixor.Q@mm.

Trojan.Peacomm may be dropped by W32.Mixor.Q@mm. It may also arrive as an attachment to a spammed email.

Currently, the characteristics of the email subject and attachment may include any of the following combinations from a growing list of possibilities:

Subject:
One of the following:
  • 230 dead as storm batters Europe.
  • A killer at 11, he's free at 21 and kill again!
  • British Muslims Genocide
  • Chinese missile shot down Russian aircraft
  • Chinese missile shot down Russian satellite
  • Chinese missile shot down USA aircraft
  • Chinese missile shot down USA satellite
  • Did you open your ecard yet
  • Fidel Castro dead.
  • Naked teens attack home director.
  • New 2008 Year Ecard
  • New 2008 Year Greeting Card
  • New 2008 Year Postcard
  • New Year 2008 Ecard
  • New Year 2008 Greeting Card
  • New Year 2008 Postcard
  • New Year Postcard
  • Please open your ecard.
  • Radical Muslim drinking enemies's blood.
  • Re: Your text
  • Russian missile shot down Chinese aircraft
  • Russian missile shot down Chinese satellite
  • Russian missile shot down USA aircraft
  • Russian missile shot down USA satellite
  • Saddam Hussein alive!
  • Saddam Hussein safe and sound!
  • Someone is thinking of you! Open your ecard!
  • Someone just sent you a greeting!
  • Someone Just sent you an ecard!
  • This ecard is hillarious!
  • U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
  • Venezuelan leader: "Let's the War beginning".
  • We have a ecard greeting for you.
  • We have a ecard surprise!
  • You have just received an ecard.
  • You have one new ecard waiting!
  • Your ecard greeting is available.
  • Your ecard joke is waiting
  • Your ecard joke is waiting!

Attachment:

One of the following:
  • ClickHere.exe
  • e-card.exe
  • familypostcards2008.com
  • FlashPostcard.exe
  • Full Story.exe
  • FullClip.exe
  • FullNews.exe
  • FullVideo.exe
  • GreetingCard.exe
  • GreetingPostcard.exe
  • happycards2008.com
  • merrychristmasdude.com
  • MoreHere.exe
  • newyearcards2008.com
  • newyearwithlove.com
  • postcard.exe
  • Read More.exe
  • ReadMore.exe
  • uhavepostcard.com
  • Video.exe

Note:
Due to a substantial increase in activity, Symantec Security Response raised this threat to category 3 on January 22, 2007.

The Peacomm family of Trojans is also commonly known as the "Storm" Trojan.

Antivirus Protection Dates

  • Initial Rapid Release version January 19, 2007
  • Latest Rapid Release version June 24, 2014 revision 006
  • Initial Daily Certified version January 19, 2007
  • Latest Daily Certified version July 28, 2013 revision 020
  • Initial Weekly Certified release date January 22, 2007

Threat Assessment

Wild

  • Wild Level: High
  • Number of Infections: 1000+
  • Number of Sites: 10+
  • Geographical Distribution: Medium
  • Threat Containment: Easy
  • Removal: Moderate

Damage

  • Damage Level: High
  • Payload: Downloads additional security threats.
  • Degrades Performance: Sent UDP packets may degrade performance.

Distribution

  • Distribution Level: Low
  • Ports: UDP ports 4000, 7871 and 11271

Writeup By: Masaki Suenaga and Mircea Ciubotariu