Symantec Security Response recently raised the risk level of Trojan.Peacomm to category 3 out of a possible 5 threat levels because of the speed and volume at which it is being spammed across the Internet. The Trojan, which was first spotted January 17, 2007, was raised to the higher category following a sustained increase in new versions of the attack over the weekend, as the malware author adjusted his tactics in response to improvements in protection made by security companies.
Trojan.Peacomm is one of a number of spamming Trojan horse programs Symantec has seen lately that appear to originate from Russia and are clearly aimed at making money for the author by pumping up penny stocks. The victim is enticed through social engineering techniques to open an attachment, which typically appears to be a video clip on a recent, newsworthy event.
Discovered: January 19, 2007
Updated: January 26, 2007 11:02:54 PM PST
Also Known As: CME-711 [Common Malware Enumeration], TROJ_SMALL.EDW [Trend Micro], Small.DAM [F-Secure], Downloader-BAI [McAfee], Troj/Dorf-Fam [Sophos]
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Trojan.Peacomm is a Trojan horse that drops a driver program file to download additional security threats.
Trojan.Peacomm reportedly arrives as an attachment to a spammed email with the following characteristics:
Subject:
One of the following:
A killer at 11, he's free at 21 and kill again!
U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
British Muslims Genocide
Naked teens attack home director.
230 dead as storm batters Europe.
Re: Your text
Radical Muslim drinking enemies's blood.
Chinese missile shot down Russian satellite
Chinese missile shot down Russian aircraft
Chinese missile shot down USA aircraft
Chinese missile shot down USA satellite
Russian missile shot down USA aircraft
Russian missile shot down USA satellite
Russian missile shot down Chinese aircraft
Russian missile shot down Chinese satellite
Saddam Hussein safe and sound!
Saddam Hussein alive!
Venezuelan leader: "Let's the War beginning".
Fidel Castro dead.
Attachment:
One of the following:
FullVideo.exe
Full Story.exe
Video.exe
Read More.exe
FullClip.exe
GreetingPostcard.exe
MoreHere.exe
FlashPostcard.exe
GreetingCard.exe
ClickHere.exe
ReadMore.exe
FullNews.exe
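A mail-gateway check built from the indicators listed above, as an added example that is not Symantec's code. The function names, the reason strings and the sample messages are constructed for illustration; the subject pattern covers only the "missile shot down" family, and flagging any other `.exe` attachment goes beyond the listed names because the text notes that new versions keep appearing.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment names listed in the advisory, lower-cased for comparison.
PEACOMM_ATTACHMENTS = {
    "fullvideo.exe", "full story.exe", "video.exe", "read more.exe",
    "fullclip.exe", "greetingpostcard.exe", "morehere.exe",
    "flashpostcard.exe", "greetingcard.exe", "clickhere.exe",
    "readmore.exe", "fullnews.exe",
}
# One pattern for the "missile shot down" subject family in the advisory.
MISSILE_SUBJECT = re.compile(
    r"^(chinese|russian) missile shot down (russian|usa|chinese) (aircraft|satellite)$")


def classify(raw: bytes) -> list[str]:
    """Return the reasons a raw RFC 5322 message should be quarantined."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    subject = str(msg["Subject"] or "").strip().lower()
    if MISSILE_SUBJECT.match(subject):
        reasons.append("subject:peacomm-family")
    for part in msg.walk():
        # get_filename() returns the decoded Content-Disposition filename.
        name = (part.get_filename() or "").strip().lower()
        if name in PEACOMM_ATTACHMENTS:
            reasons.append(f"attachment:listed:{name}")
        elif name.endswith(".exe"):
            # Assumption: names change between waves, so any .exe is flagged.
            reasons.append(f"attachment:executable:{name}")
    return reasons


def build_sample(subject: str, filename: str) -> bytes:
    """Constructed test message with a harmless placeholder payload."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("see attached")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(classify(build_sample("Chinese missile shot down USA satellite",
                                "Full Story.exe")))
```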
Threat Assessment
Wild Level: High
Number of Infections: More than 1000
Number of Sites: More than 10
Geographical Distribution: Medium
Threat Containment: Easy
Removal: Moderate
Damage Level: High
Payload: Downloads additional security threats.
Degrades Performance: Sent UDP packets may degrade performance.
Distribution Level: Low
Ports: UDP ports 4000, 7871 and 11271
That means this trojan horse is now rated dangerous.