Jan 21: New Trojan Small.DAM Warning
SO, What is Small.Dam?
During the last 48hrs virus writers have been taking advantage of the winter storms in Europe to launch a new wave of attacks on computers around the globe.Basically, If you didn't ask for e-mails about the weather in Europe, it's most likely crap.
This particular attack trys to get the user to "execute" a malicious file attached to an email that contains a Trojan horse.The email and its attachment pose as information about the dreadful weather that Europe has currently been experiencing.
(Something I can personally vouch for as a roofing contractor has only just left my house after replacing tiles blown off in the strong winds!)
The Trojan is being distributed in emails with messages subjects like:
- 230 dead as storm batters Europe.
- British Muslims Genocide
- Naked teens attack home director.
- A killer at 11, he's free at 21 and kill again!
- U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela MerkelThe email will have an attachment that contains the Small.DAM Trojan.
The attachments may contain one of the following filenames:
- Full Clip.exe
- Full Story.exe
- Read More.exe
- Video.exe
Obviously, below, there is more info on what the trojan does, read only if you want info on it.
Turning the computer into what is commonly known as a "zombie"
UK anti-virus firm Sophos reports that the malware accounts for one in every 200 emails it has monitored over the last 12 hours. Two in every three reports of malware tracked by Sophos on Friday involved reports of the Trojan.
By focusing on a topical subject like the news of storms of up to 200mph the writers of this malicious program expect users to let their guard down and open the attachment!
In doing so they can turn their computer into a machine that as the mercy of the hackers, who can use the infected machine to send out spam email or even capture the personal information of the computer owner...
For you techies reading this article Small.DAM contains an advance kernel mode driver that is dropped onto the infected computer:
%SysDir%\wincom32.sys - Kernel mode driver component
%SysDir%\peers.ini - Initialization file component
It also installs itself as a service with the name "wincom32" by creating the following registry keys:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
\wincom32]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum
\Root\LEGACY_WINCOM32]
The Second Wave Of Small.DAM
It now appears that the writers of the malicious Trojan Small.DAM, have launched a second wave of emails on the public, due to the success they have had with the first wave...
It is still the same malicious program but with new subject lines like:
- Radical Muslim drinking enemies's blood.
- Chinese missile shot down Russian satellite
- Chinese missile shot down Russian aircraft
- Chinese missile shot down USA aircraft
- Chinese missile shot down USA satellite
- Russian missile shot down USA aircraft
- Russian missile shot down USA satellite
- Russian missile shot down Chinese aircraft
- Russian missile shot down Chinese satellite
- Saddam Hussein safe and sound!
- Saddam Hussein alive!
DON'T GET CAUGHT OUT!
Make sure you have an up to date antivirus package on your computer - if you do not have the funds for one then do not let that be an excuse, take a look the the free version from Grisoft.com
