Feeds

Malware maelstrom menaces UK

Post-St Swithin's deluge

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Lock up your email servers - there's a blizzard of Windows malware out there.

Email security firm MessageLabs has blocked more than a thousand copies of an email worm called Breatel-A (AKA Reatle or Lebreat) which attempts to launch a denial of service attack on security vendor Symantec and opens up a backdoor on infected PCs. The virus is being sent with multiple attachment types, including many .cpl files (Windows Control Panel Files) that may not automatically be blocked by some content filters and firewalls as they are not widely used by virus writers.

Typically the infected emails pose as messages that can't be delivered or supposed problems with a user's email or bank account, both common virus writing ploys. The first copies of the virus blocked by MessageLabs originated in Northern Ireland.

And that's not all. More than 120,000 emails containing a downloader Trojan – called Small-BDQ - have been sent to UK businesses since Saturday night (16 July), according to email security company BlackSpider Technologies. Firms targeted vary in size and industry with the attack continuing into Monday morning (18 July). The content of the email poses as a message from a user's sys admin warning that their system has been compromised and is distributing spam. The attachment is a packed executable MEW file called zam.exe. The attachment (just 2.8KB) is programmed to download the main Trojan payload from the web.

John Cheney, BlackSpider chief exec, said: "The effects of the trojan have not yet been revealed but businesses should be aware that its purpose may well be out to discover sensitive corporate information; perhaps via a key-logging tool." ®

Related stories

VXers release 'London bombing' Trojan
Trojan downloader spam poses as admin email
Spyware blizzard shows no sign of let up
UK trojan siege has been running over a year
Window of exposure lets viruses run rampant

Secure remote control for conventional and virtual desktops

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
prev story

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Seattle children’s accelerates Citrix login times by 500% with cross-tier insight
Seattle Children’s is a leading research hospital with a large and growing Citrix XenDesktop deployment. See how they used ExtraHop to accelerate launch times.