The Trojan was distributed in messages with the subject line "230 dead as storm batters Europe." The payload in this case was the Small.DAM Trojan, which was downloaded onto all vulnerable machines when the spam mail's attachment, such as "Read More.exe," was opened. Once inside the machine, the Trojan creates a backdoor that the malware authors behind the assault can exploit later.
As has been seen with other attacks, the likely intention is to create a new raft of zombie computers to steal information and to further propagate large-scale spam and phishing runs.
In addition to the headline "230 dead as storm batters Europe," the spam uses a number of other provocative headlines. Attachments may have any of the following filenames: "Full Clip.exe", "Full Story.exe", "Read More.exe" and "Video.exe".
The assault was first picked up by F-Secure Security Labs Kuala Lumpur during the very early hours of Friday, European time. The timing of the assault and its detection in Asia lead researchers to believe that the assault also originated in the region.
Speaking about the case, Mikko Hypponen, Chief Research Officer at F-Secure, said: "Trojan assaults of this scale are an unfortunate and increasingly common event. What is significant here though is the timely nature of this assault in relation to the European storm. Malware gangs are clearly using every technique and even tragedies like these to gain access to vulnerable machines."