Application security

Double attack fires 650,000 trojan emails at U.K. firms

A double virus attack hit U.K. businesses with an estimated 650,000 trojan-laden emails before antivirus vendors were able to issue a patch against the new malware, a security firm claimed yesterday.

According to BlackSpider Technologies, the first attack happened on Monday at 10:45 a.m.

The firm estimated that more than 455,000 emails containing the trojan Downloader.Win32.Agent.adu hit inboxes of U.K. businesses during a three-hour window of exposure. The trojan was patched by the first anti-virus vendor at 1:45 p.m.

The second wave, containing the trojan Downloader.Win32.Agent.dsl, struck at 5:10 a.m. Tuesday morning, with more than 195,000 trojan infected emails being sent to U.K. businesses before a patch was issued by the antivirus community. The second trojan was patched more than three hours later at 8.15 a.m.

Both emails used the same subject line and text in the body of the email, claiming to be a transaction to online retailer Amazon. The emails also used an executable attachment in both cases.

The only difference between the emails was the size of the payload – the first email was 5,564 bytes, the second 5,712 bytes.

James Kay, chief technical officer, BlackSpider Technologies, said: "This was a particularly opportunist attack. Emails from the first wave were still being released by the hacker when the second wave struck. Antivirus vendors were probably not expecting a second – and very similar – wave to occur while the first attack was still happening. Not only was the first attack successful, it also effectively acted as a smokescreen and allowed the second strike to catch the antivirus community off guard, which is why it enjoyed a window of exposure of more than three hours."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.