What Is Small.DAM ?
During the last 48hrs virus writers have been taking advantage of the winter storms in Europe to launch a new wave of attacks on computers around the globe.
This particular attack trys to get the user to "execute" a malicious file attached to an email that contains a Trojan horse.
The email and its attachment pose as information about the dreadful weather that Europe has currently been experiencing.
(Something I can personally vouch for as a roofing contractor has only just left my house after replacing tiles blown off in the strong winds!)
The Trojan is being distributed in emails with messages subjects like:
- 230 dead as storm batters Europe.
- British Muslims Genocide
- Naked teens attack home director.
- A killer at 11, he's free at 21 and kill again!
- U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
The email will have an attachment that contains the Small.DAM Trojan.
The attachments may contain one of the following filenames:
- Full Clip.exe
- Full Story.exe
- Read More.exe
- Video.exe
If executed (clicked on) the "payload" turns the users computer into a machine that can be controlled remotely by the "hackers" from anywhere in the world!
Turning the computer into what is commonly known as a "zombie"
UK anti-virus firm Sophos reports that the malware accounts for one in every 200 emails it has monitored over the last 12 hours. Two in every three reports of malware tracked by Sophos on Friday involved reports of the Trojan.
By focusing on a topical subject like the news of storms of up to 200mph the writers of this malicious program expect users to let their guard down and open the attachment!
In doing so they can turn their computer into a machine that as the mercy of the hackers, who can use the infected machine to send out spam email or even capture the personal information of the computer owner...
For you techies reading this article Small.DAM contains an advance kernel mode driver that is dropped onto the infected computer:
%SysDir%wincom32.sys - Kernel mode driver component
%SysDir%peers.ini - Initialization file component
It also installs itself as a service with the name "wincom32" by creating the following registry keys:
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices
wincom32]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnum
RootLEGACY_WINCOM32]
The Second Wave Of Small.DAM
It now appears that the writers of the malicious Trojan Small.DAM, have launched a second wave of emails on the public, due to the success they have had with the first wave...
It is still the same malicious program but with new subject lines like:
- Radical Muslim drinking enemies's blood.
- Chinese missile shot down Russian satellite
- Chinese missile shot down Russian aircraft
- Chinese missile shot down USA aircraft
- Chinese missile shot down USA satellite
- Russian missile shot down USA aircraft
- Russian missile shot down USA satellite
- Russian missile shot down Chinese aircraft
- Russian missile shot down Chinese satellite
- Saddam Hussein safe and sound!
- Saddam Hussein alive!
Archived topic from Iceteks, old topic ID:4687, old post ID:37218
Another sick trojan
-
Red Squirrel
- Posts: 29209
- Joined: Wed Dec 18, 2002 12:14 am
- Location: Northern Ontario
- Contact:
Another sick trojan
Sadly enough people out there have a brain with the quality of a stale peanut that's been in a hole for 3 years, and will actually open a .exe VIDEO file without even thinking twice. Sure you can put a flash into a exe file but it won't be 44KB 
Archived topic from Iceteks, old topic ID:4687, old post ID:37219
Archived topic from Iceteks, old topic ID:4687, old post ID:37219
Honk if you love Jesus, text if you want to meet Him!
Another sick trojan
Thats a pretty pwnage hack I would not mind to get my hands on that and use it against some friends and control their computers
Archived topic from Iceteks, old topic ID:4687, old post ID:37220
Archived topic from Iceteks, old topic ID:4687, old post ID:37220
