Whilst this strategy has appeared previously in different guises, with encrypted zip attachments first becoming a major issue six months ago, the situation has worsened considerably in recent weeks with a significant increase in the number of such mails being propagated.
The new batch of virus laden emails typically contain the Trojan.Peacomm virus (also known as the Storm Trojan), which is approximately 77kb in size and usually contained within either an encrypted email or a password protected zip attachment to an email.
The emails frequently contain a security warning, offering to protect the user from a threat. The phrase ATTN! is frequently prominent within the subject line of such emails – although others include ‘Worm Detected!’, ‘Virus Detected!’, ‘Spyware Alert!’ and ‘Warning!’. On receipt of the email, users are prompted with the password and thereby unwittingly able to release the virus on their machine. On execution of the file, the Storm Trojan virus is designed to retrieve additional malicious code from the internet.
During the last few weeks, Email Systems has quarantined hundreds of thousands of such emails – a major increase from the tens of thousands witnessed in the most recent attack six months ago.