Web 2.0 Trojan hits forums and web mail

Stephen Withers
Thursday, 01 March 2007 10:14

Your IT - Home IT

A new Trojan variant is spreading by inserting malicious links into forum and webmail postings from infected machines.

According to security researchers at Symantec, a variant of the Mespam Trojan (aka SpamToo-U) is being distributed via the botnet created by the Storm (aka Peacomm) worm.

Because the new malware operates at a very low level - the malicious links are added just before Windows sends outgoing packets to the network - there is no obvious sign of what's happening on the infected computer.

Affected services include the widely used VBulletin and phpBB forum software plus web mail by AOL, Bellsouth, EarthLink, FastMail, Gmail, Hotmail, Yahoo and other popular providers.

Mespam also sends malicious links in instant messages via AOL Instant Messenger, Google Talk and Yahoo Messenger.

"It will become a real threat in the future if the bad guys behind Mespam and Peacomm add code to spread over other popular Web channels (e.g. injecting malicious content while posting on YouTube, Myspace, RSS feed, or while using Google Office on the Web)," wrote Symantec's Elia Florio.

At the time of Symantec's analysis, the malicious URLs all pointed to 'online postcard' sites, but the links and messages can easily be changed by the attackers.