IDG News Service - Antivirus and e-mail security companies last week sent out warnings about a new Trojan horse program that they claim is being mass distributed on the Internet by means of spam.
The program, called Backdoor-CGT, is a new form of a Trojan horse that's installed when users of Microsoft's Outlook e-mail program follow a Web link embedded in an e-mail message. The Trojan horse was believed to have infected thousands of systems even though antivirus software and up-to-date versions of Outlook are immune to attack, said Maksym Schipka, senior antivirus researcher at MessageLabs Ltd. in Gloucester, England.
MessageLabs received more than 3,600 e-mail messages with links to the Trojan horse during a two-hour period, the result of a spam distribution that was more than 10 times the normal amount for such a program, he said. Trojan horse programs give remote attackers access to or control over machines on which they run, and they often run unnoticed by users or pose as legitimate applications.
The Backdoor-CGT program uses a "multistage" attack to place malicious code on victims' computers. After clicking on an e-mail link embedded in the spam message, victims go to a series of Web sites, each of which carries out one stage in the attack.
The attack takes advantage of a now-patched flaw in Outlook called the "IFRAME" exploit to hide the Web site redirections from the user and silently download and install the Backdoor-CGT program, Schipka said.
McAfee also released an advisory about the new Trojan horse, which is also known as "SS," but rated it a "low" threat to users. McAfee has released software update files to detect the Trojan horse, according to the advisory.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
