Plumbing the depths

It’s almost enough to make one feel sorry for Windows users. MessageLabs is reporting that it has intercepted copies of an email posing as a video news clip of yesterday’s terrorist attack in London which instead contains a Trojan designed to compromise the recipient’s computer. The email containing this Trojan has been crafted to appear as a CNN Newsletter which asks recipients to ‘See attachments for unique amateur video shots’.

When executed, the attachment copies itself to %Windir%\winlog.exe and modifies the Windows registry key ‘HKLM/Software/microsoft/Windows/CurrentVersion/Run’ so that it runs automatically on system start-up. The Trojan then attempts to obtain a list of the SMTP servers that the victim’s machine is configured to use and starts to use these servers to send large volumes of unsolicited mail.
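
As an added example (not from the original post or from MessageLabs), this Python triage script checks saved `reg query` output of the Run key for values that launch `%Windir%\winlog.exe`, the persistence described above. The sample output, its value names and the default `C:\Windows` location are constructed assumptions.

```python
import re

# Filename the post reports the Trojan copies itself to, under %Windir%.
DROPPED_NAME = "winlog.exe"
# One value line of `reg query` output: name, type and data, 4 spaces apart.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
WINDIR_VARS = re.compile(r"%(windir|systemroot)%", re.IGNORECASE)

# Constructed sample; value names are illustrative, not taken from the Trojan.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Example Tray    REG_EXPAND_SZ    %windir%\system32\ExampleTray.exe
    Example Updater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
    winlog    REG_SZ    C:\WINDOWS\winlog.exe
    video    REG_EXPAND_SZ    "%SystemRoot%\winlog.exe" -s
"""


def executable_of(command, windir):
    """Return the normalised (lower-case) executable path of a Run command line."""
    command = WINDIR_VARS.sub(lambda _: windir, command.strip())
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        # Unquoted: cut after the first ".exe" so trailing arguments are dropped.
        match = re.match(r".*?\.exe", command, re.IGNORECASE)
        path = match.group(0) if match else command
    return path.replace("/", "\\").lower()


def suspicious_run_values(reg_output, windir=r"C:\Windows"):
    """List (name, data) Run values whose executable is <windir>\\winlog.exe."""
    target = (windir.rstrip("\\") + "\\" + DROPPED_NAME).lower()
    hits = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if m and executable_of(m["data"], windir) == target:
            hits.append((m["name"], m["data"]))
    return hits


if __name__ == "__main__":
    for name, data in suspicious_run_values(SAMPLE):
        print(f"Run value {name!r} launches {data}")
```

The match is on the launched path rather than the value name, since the post gives only the file location and the registry key.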