Trojan Email Harvester Detected
Posted by SmartDownloads.net on 2005-08-16
Chain attack Trojan nets 3m email addresses
Can infect victim PCs with up to 19 malicious malware programs.
Robert Jaques, vnunet.com
Security experts have uncovered a highly sophisticated global 'chain' attack, which uses the SpamNet.A Trojan to infect
victim PCs with up to 19 malicious malware programs.
The attack, which is based on a tree structure, was discovered on a web page hosted on a server in the USA, with a domain
registered from an address in Moscow. The principal goal of the cyber assault is to send out junk mail, and the attack,
using this complex structure, is estimated to have compiled more than 3m email addresses worldwide so far.
According to Panda Software, the infection chain begins when a user visits the first infected page. This web page uses the
Iframe tag to try to open two new pages. This initiates two parallel processes, each one associated with one of the two pages.
In any event, if the attack is successful, it installs and executes one of two identical files, Web.exe or Win32.exe, on the
computer. When run, these files create seven files on the computer, one of which is a copy of itself and the rest of which
are Trojans, adware and premium rate dialers.
When the first of the two pages opens, it in turn opens six other pages, which redirect the user to further pages with
pornographic content. It also directs the user to a seventh page, which starts the principal attack process. This page
exploits two possible vulnerabilities to carry out its actions: Ani/anr and Htmredir.
The complexity of this attack is "virtually unprecedented", according to Panda. "The fact that more than 3m addresses have
been compiled to send spam to is an indication of the success the creator of this attack is enjoying," said Luis Corrons,
director of PandaLabs.
"The primary motivation of these attacks is financial gain over and above
notoriety, and spam is one of the chief sources of income for malware creators."