The Harley-Davidson Riders Club Great Britain  


25-01-2007, 01:36 AM
devil-uk
Hangout Affiliate
 
Join Date: Feb 2005
Posts: 1,701
trojan alert and not a hoax

Discovered: January 19, 2007
Updated: January 24, 2007 03:59:11 PM PST
Also Known As: CME-711 [Common Malware Enumeration], TROJ_SMALL.EDW [Trend Micro], Small.DAM [F-Secure], Downloader-BAI [McAfee], Troj/Dorf-Fam [Sophos]
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


Trojan.Peacomm is a Trojan horse that drops a driver program file to download additional security threats.

Trojan.Peacomm reportedly arrives as an attachment to a spammed email with the following characteristics:

Subject:

One of the following:
  • A killer at 11, he's free at 21 and kill again!
  • U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
  • British Muslims Genocide
  • Naked teens attack home director.
  • 230 dead as storm batters Europe.
  • Re: Your text
  • Radical Muslim drinking enemies's blood.
  • Chinese missile shot down Russian satellite
  • Chinese missile shot down Russian aircraft
  • Chinese missile shot down USA aircraft
  • Chinese missile shot down USA satellite
  • Russian missile shot down USA aircraft
  • Russian missile shot down USA satellite
  • Russian missile shot down Chinese aircraft
  • Russian missile shot down Chinese satellite
  • Saddam Hussein safe and sound!
  • Saddam Hussein alive!
  • Venezuelan leader: "Let's the War beginning".
  • Fidel Castro dead.
Attachment:
One of the following:
  • FullVideo.exe
  • Full Story.exe
  • Video.exe
  • Read More.exe
  • FullClip.exe
  • GreetingPostcard.exe
  • MoreHere.exe
  • FlashPostcard.exe
  • GreetingCard.exe
  • ClickHere.exe
  • ReadMore.exe
  • FlashPostcard.exe
  • FullNews.exe
Notes:
  • Due to a substantial increase in activity, Symantec Security Response raised this threat to category 3 on January 22, 2007.
  • An IPS signature named "BD Peacomm Trojan" was released on January 23, 2007 and is available for relevant products. Please apply the latest Security Updates for your product to receive this signature.
Further reading: Trojan.Peacomm: Building a Peer-to-Peer Botnet


Protection
  • Virus Definitions (LiveUpdate™ Daily) January 19, 2007
  • Virus Definitions (LiveUpdate™ Weekly) January 22, 2007
  • Virus Definitions (Intelligent Updater) January 19, 2007
  • Virus Definitions (LiveUpdate™ Plus) January 19, 2007
Threat Assessment

Wild
  • Wild Level: High
  • Number of Infections: More than 1000
  • Number of Sites: More than 10
  • Geographical Distribution: Medium
  • Threat Containment: Easy
  • Removal: Moderate
Damage
  • Damage Level: High
  • Payload: Downloads additional security threats.
  • Degrades Performance: Sent UDP packets may degrade performance.
Distribution
  • Distribution Level: Low
  • Ports: UDP ports 4000, 7871 and 11271
Writeup By: Masaki Suenaga, Mircea Ciubotariu


__________________



road pirate navigator (don't follow me, I'm lost too) ;)

FXDX dynaglide sport "00"

scania 380 "06" gray adams 45ft fridge trailer
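
As an added example (not part of the original post or of the quoted write-up), here is a mail-filter style check in Python that flags messages matching the attachment names and a subset of the subject lines listed above. It also flags any other `.exe` attachment, which goes beyond the listed names; the function names, addresses and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Attachment names from the post above, lower-cased for comparison.
PEACOMM_ATTACHMENTS = {
    "fullvideo.exe", "full story.exe", "video.exe", "read more.exe",
    "fullclip.exe", "greetingpostcard.exe", "morehere.exe",
    "flashpostcard.exe", "greetingcard.exe", "clickhere.exe",
    "readmore.exe", "fullnews.exe",
}
# A subset of the subject lines from the post above (not the full list).
PEACOMM_SUBJECTS = {
    "230 dead as storm batters europe.",
    "saddam hussein alive!",
    "fidel castro dead.",
    "re: your text",
}

def check_message(raw_bytes):
    """Return the reasons a raw RFC 5322 message matches the description."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    # Collapse whitespace so folded headers compare cleanly.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in PEACOMM_SUBJECTS:
        reasons.append("subject:" + subject)
    for part in msg.walk():
        name = part.get_filename()  # decoded Content-Disposition filename
        if not name:
            continue
        name = " ".join(name.split()).lower()
        if name in PEACOMM_ATTACHMENTS:
            reasons.append("attachment:" + name)
        elif name.endswith(".exe"):
            # Generalisation: every listed attachment is an executable.
            reasons.append("executable:" + name)
    return reasons

def build_sample(subject, filename):
    """Build a constructed test message; the payload is harmless text."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "rider@example.com"
    m["Subject"] = subject
    m.set_content("see attached")
    m.add_attachment(b"constructed placeholder, not malware",
                     maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()
```

An empty list means nothing matched; any non-empty result is a reason to quarantine the message rather than deliver it.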