Because the new malware operates at a very low level - the malicious links are added just before Windows sends outgoing packets to the network - there is no obvious sign of what's happening on the infected computer.
Affected services include the widely used VBulletin and phpBB forum software plus web mail by AOL, Bellsouth, EarthLink, FastMail, Gmail, Hotmail, Yahoo and other popular providers.
Mespam also sends malicious links in instant messages via AOL Instant Messenger, Google Talk and Yahoo Messenger.
"It will become a real threat in the future if the bad guys behind Mespam and Peacomm add code to spread over other popular Web channels (e.g. injecting malicious content while posting on YouTube, Myspace, RSS feed, or while using Google Office on the Web)," wrote Symantec's Elia Florio.
At the time of Symantec's analysis, the malicious URLs all pointed to 'online postcard' sites, but the links and messages can easily be changed by the attackers.
RECRUITMENT & RETENTION REPORT 2013HIRE OR FIRE? BUY OR BUILD
2013 is well underway and Australian companies need to know whether they should invest in IT skills training or pay a premium for the people they need.
If you want to know which choices are being made in your sector, what skills are hard to find, which sectors intend to hire or fire and where the IT spend is going, this free report is must have.
Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences, a PhD in Industrial and Business Studies, and is a senior member of the Australian Computer Society.