Finnish antivirus firm F-Secure Corp. reported in its blog that a Trojan horse program called Small.DAM went on a tear early Friday morning European time. "The heavy seeding through spam was quickly obvious on our tracking screens," F-Secure reported. "The [malware] was spread throughout the world very rapidly."
The blog entry includes video footage of F-Secure's computerized world map. The footage shows glowing dots dramatically spreading across the map as the malware proliferates across the globe. The video is also available on YouTube.
The attackers relied on social engineering, spamming out hundreds of thousands of emails with a subject line that read, "230 dead as storm batters Europe." The emails contain a malicious attachment that will infect the computer if the user opens it.
Mikko Hypponen, head of research at F-Secure, was amazed by how effectively the bad guys capitalized on breaking news about the storm.
"What makes this exceptional is the timely nature of the attack," he told the Reuters news agency. He said thousands of computers were affected around the world, mostly private machines. He told Reuters that most users won't notice the malware, which is designed to create a back door on the computer that can be used later to steal sensitive data or launch spam runs.
The malware attack also kept researchers busy at UK-based antivirus firm Sophos, which reported that attackers were also duping users with headlines unrelated to the storm.
Sophos said subject lines used in the malicious emails include, but may not be limited to, the following:
- 230 dead as storm batters Europe.
- British Muslims Genocide
- Naked teens attack home director.
- A killer at 11, he's free at 21 and kill again!
- U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
Attached to the emails are malicious files with names such as Full Clip.exe, Full Story.exe, Full Video.exe, Read More.exe, and Video.exe, Sophos said.
"On average, one in every 200 emails that people have received since midnight are likely to be infected by this Trojan horse," Graham Cluley, senior technology consultant for Sophos, said on the company's Web site. "Receiving or reading the emails themselves does not mean that you will be infected. However, users must be very careful not to click on the attached file inside the emails as that will install a Trojan horse on their computer."
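As an added example (not code from F-Secure, Sophos or the original article), the subject lines and attachment names Sophos lists can be turned into a mail-gateway triage check. The function names, reason labels and sample messages below are constructed for illustration; because the subject list "may not be limited to" those quoted, any `.exe` attachment is flagged as well.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators quoted in the article (Sophos), lowercased, trailing punctuation dropped.
KNOWN_SUBJECTS = {
    "230 dead as storm batters europe",
    "british muslims genocide",
    "naked teens attack home director",
    "a killer at 11, he's free at 21 and kill again",
    "u.s. secretary of state condoleezza rice has kicked german chancellor angela merkel",
}
KNOWN_ATTACHMENTS = {"full clip.exe", "full story.exe", "full video.exe",
                     "read more.exe", "video.exe"}

def triage(raw: bytes) -> list:
    """Return the reasons a message should be quarantined (empty list = none)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    subject = " ".join(str(msg.get("Subject", "")).split()).casefold().rstrip(".!")
    if subject in KNOWN_SUBJECTS:
        reasons.append("known-subject")
    for part in msg.walk():
        name = (part.get_filename() or "").strip().casefold()
        if name in KNOWN_ATTACHMENTS:
            reasons.append("known-attachment:" + name)
        elif name.endswith(".exe"):
            # Subjects rotate; an executable attachment is the durable signal.
            reasons.append("executable-attachment:" + name)
    return reasons

def build_sample(subject, filename=None) -> bytes:
    """Constructed test message; addresses and payload bytes are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "user@example.com", subject
    m.set_content("See attachment.")
    if filename:
        m.add_attachment(b"placeholder, not a real executable",
                         maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fn in [("230 dead as storm batters Europe.", "Full Story.exe"),
                     ("Quarterly numbers", "Setup.EXE"),
                     ("Lunch on Friday?", "menu.pdf")]:
        print(subj, "->", triage(build_sample(subj, fn)))
```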