More than 2.4 million emails containing the trojan-downloader Win32.small.cfg were sent to U.K. businesses late Sunday night before the anti-virus community could react, an IT security firm warned today.
According to managed security provider BlackSpider Technologies, the trojan was spammed at 9 p.m. London time on Thursday and was specifically designed to exploit the longest possible window of exposure between its release and the first patch from anti-virus vendors. The virus stopped shortly after Symantec issued a patch at 10:45 a.m. on Jan. 27.
The subject line of the virus is: YOUR BILL PAYMENT NOT APPROVED!
The body of the text reads:
We are unable to obtain the bill payment from your bank account. Your bank returned the following error to us:
BILL PAYMENT NOT APPROVED
PBS (Payroll and Business Service) Ltd
3 Castle Quay
Order Number: 1104102
Receipt Date: 24/01/06
Total Amount: GBP 755.00
We recently received a report of e-banking use associated with this account. As a precaution, we have limited access to your account in order to protect against future unauthorized transactions. You can check your transaction details in attachment.
Case ID Number: BILL#5563880
Please understand that this is a security measure intended to help protect you and your account.
We apologize for any inconvenience this may cause.
The attachment is an FSG-packed executable called BILL#5563880.
James Kay, chief technology officer, BlackSpider Technologies, warned: "This trojan was successful in achieving what appears to be its main purpose – to reach as many inboxes as possible before the anti-virus industry could react."
"Last year we saw many attempts to infect PCs during the window of exposure and that trend looks set to continue in 2006," he said. "Businesses that are not using proactive intelligent threat-prevention technology to tackle new viruses are leaving themselves at serious risk from infection, as today's outbreak shows."