According to security researchers at Symantec, a variant of the Mespam Trojan (aka SpamToo-U) is being distributed via the botnet created by the Storm (aka Peacomm) worm.
Because the new malware operates at a very low level - the malicious links are added just before Windows sends outgoing packets to the network - there is no obvious sign of what's happening on the infected computer.
Affected services include the widely used VBulletin and phpBB forum software plus web mail by AOL, Bellsouth, EarthLink, FastMail, Gmail, Hotmail, Yahoo and other popular providers.
Mespam also sends malicious links in instant messages via AOL Instant Messenger, Google Talk and Yahoo Messenger.
"It will become a real threat in the future if the bad guys behind Mespam and Peacomm add code to spread over other popular Web channels (e.g. injecting malicious content while posting on YouTube, Myspace, RSS feed, or while using Google Office on the Web)," wrote Symantec's Elia Florio.
At the time of Symantec's analysis, the malicious URLs all pointed to 'online postcard' sites, but the links and messages can easily be changed by the attackers.
Web 2.0 Trojan hits forums and web mail
A new Trojan variant is spreading by inserting malicious links into forum and webmail postings from infected machines.
RECRUITMENT & RETENTION REPORT 2013
HIRE OR FIRE? BUY OR BUILD2013 is well underway and Australian companies need to know whether they should invest in IT skills training or pay a premium for the people they need.
If you want to know which choices are being made in your sector, what skills are hard to find, which sectors intend to hire or fire and where the IT spend is going, this free report is must have.
Stephen Withers
Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences, a PhD in Industrial and Business Studies, and is a senior member of the Australian Computer Society.
