Peacomm Trojan Outbreak
A Symantec Security Response podcast focused on the recent Trojan.Peacomm trojan horse. The goal of this podcast is to help you better understand the threat this malicious code poses to your systems and to offer solutions to prevent initial infection and the spread of this new trojan horse.
More information at:
Editor – PodTech
Hello and welcome to this Security Response Podcast presentation for January 22, 2007, brought to you by Symantec, the world leader in providing solutions to help individuals, small businesses and enterprises assure the security, availability and integrity of their information. Today’s Podcast is focused on ‘Trojan.Peacomm’ or, as it is also known, ‘Storm Worm’. Trojan.Peacomm and its variants are a new Category 3 threat that Symantec has seen propagating in the wild. The goal of this Podcast is to provide you with a summary of what the threat is, its impact, as well as provide you with some information on how to protect yourself and your organization.
On January 19th, 2007, Symantec began receiving alerts on Trojan.Peacomm. Due to an increase in the speed and volume in which this threat is being spammed across the Internet, Symantec has raised the threat level of this particular malicious code to category three. Initially appearing to come from Russia, this Trojan horse program targets Microsoft Operating Systems and arrives as an attachment in an email currently being spammed to users around the world.
In the hopes of spreading spam that pumps up penny stocks, the authors of this malicious code are attempting to trick users into installing the Trojan horse contained in the email. Attackers are using fake news headlines and the promise of a video clip to get unsuspecting users to open the message. Examples of the email subject lines are “230 dead as storm batters Europe” and “Fidel Castro is dead”. Contained in the email is an EXE attachment with titles such as full video.exe, greeting postcard.exe and fullnews.exe, among several others.
If an unsuspecting user is tricked into opening one of these attachments, the Trojan will install a number of threads including a rootkit, which attempts to hide itself in the operating system, as well as the UDP-based peer-to-peer communication channel, which can be used by the Trojan to communicate with several known IP addresses. Once the Trojan has been successfully installed, the infected machines will attempt to connect to these addresses and then in turn begin to distribute a high volume of penny stock spam.
Symantec Labs have observed an average of over 3500 spam messages per minute being sent on infected machines. In order to protect yourself from Trojan.Peacomm and its variants, users and system administrators are advised to perform the following actions. Update your antivirus signatures. Antivirus signatures have been available from Symantec since January 19th, but users and system administrators are advised to check for updates on possible new variants of this threat. Make sure to configure your firewalls, email solutions and gateway machines to drop all executable attachments. Update your antispam products to ensure that spam messages distributed by Trojan.Peacomm are stopped at the email gateway, as well as filtering incoming and outgoing activity over UDP port 4078, 71.
Finally, Symantec recommends that users never open any email or attachments from unknown or untrusted sources. For more information on this particular threat, point your browser to www.symantec.com/enterprise/security_response/index.jsp. That concludes our Podcast for today. Thank you for downloading and listening to the Security Response Podcast brought to you by Symantec, the global leader in information integrity, providing software, appliances and services to help individuals and enterprises secure and manage their most important asset, their information. For more information about this subject, related products or additional Podcasts, make sure to visit www.symantec.com.