Experts at Sophos have warned users to be wary of unsolicited emails claiming to contain photographs, after a Trojan horse was spammed to internet users. Many companies have reported sighting the Trojan horse at their email gateways. The Troj/BagleDl-A Trojan horse has been distributed in an email with the following characteristics:
Message body: foto
Attached file: foto.zip or fotos.zip
If the user opens the attached zip file, and launches the HTML file contained within, the Trojan will attempt to download a malicious program from one of more than 130 separate websites, many based in Eastern Europe, every six hours.
"Whoever is behind this Trojan horse is trying to increase the harm they cause by using a wide variety of different websites to spread their code, and by telling infected computers to download an updated payload every six hours," said Graham Cluley, senior technology consultant for Sophos. "This makes it harder to shut down every website under his or her control, and means the malware code can be easily and regularly updated. The mass distribution of this Trojan horse is a seeding for further attacks."
"All computer users should ensure their anti-virus protection is up-to-date and able to counter this latest menace," continued Cluley. "Everyone should be wary of launching unsolicited email attachments and ensure their PCs are properly defended."
Sophos notes that the BagleDl-A Trojan horse is capable of turning off the firewall built into Microsoft's recent Windows XP Service Pack 2 update. "Just because you are running the latest version of Windows XP you shouldn't think you are necessarily protected from this Trojan," continued Cluley. "If you launch it on a PC running Windows XP SP2 it can turn off your firewall opening the door to hackers and other internet attacks."
The BagleDl-A Trojan horse appears to be from the same author as the Bagle worm which struck thousands of unprotected computer users earlier this year.
Sophos recommends companies protect their email with a consolidated solution to thwart the virus and spam threats as well as secure their desktop and servers with automatically updated anti-virus protection.