New Computer Trojan Horse Spreading: Trojan.Peacomm

Dark Knight

Well-Known Member
Joined
Sep 3, 2004
Messages
21,649
Reaction score
82
Discovered: January 19, 2007
Updated: January 26, 2007 11:02:54 PM PST
Also Known As: CME-711 [Common Malware Enumeration], TROJ_SMALL.EDW [Trend Micro], Small.DAM [F-Secure], Downloader-BAI [McAfee], Troj/Dorf-Fam [Sophos]
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


Trojan.Peacomm is a Trojan horse that drops a driver program file to download additional security threats.

Trojan.Peacomm reportedly arrives as an attachment to a spammed email with the following characteristics:

Subject:

One of the following:

  • A killer at 11, he's free at 21 and kill again!
  • U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
  • British Muslims Genocide
  • Naked teens attack home director.
  • 230 dead as storm batters Europe.
  • Re: Your text
  • Radical Muslim drinking enemies's blood.
  • Chinese missile shot down Russian satellite
  • Chinese missile shot down Russian aircraft
  • Chinese missile shot down USA aircraft
  • Chinese missile shot down USA satellite
  • Russian missile shot down USA aircraft
  • Russian missile shot down USA satellite
  • Russian missile shot down Chinese aircraft
  • Russian missile shot down Chinese satellite
  • Saddam Hussein safe and sound!
  • Saddam Hussein alive!
  • Venezuelan leader: "Let's the War beginning".
  • Fidel Castro dead.
Attachment:
One of the following:

  • FullVideo.exe
  • Full Story.exe
  • Video.exe
  • Read More.exe
  • FullClip.exe
  • GreetingPostcard.exe
  • MoreHere.exe
  • FlashPostcard.exe
  • GreetingCard.exe
  • ClickHere.exe
  • ReadMore.exe
  • FlashPostcard.exe
  • FullNews.exe
Notes:
  • Due to a substantial increase in activity, Symantec Security Response raised this threat to Category 3 on January 22, 2007.
  • An IPS signature named "BD Peacomm Trojan" was released on January 23, 2007 and is available for relevant products. Please apply the latest Security Updates for your product to receive this signature.
  • This threat may also be dropped by W32.Mixor.Q@mm.
Further reading: Trojan.Peacomm: Building a Peer-to-Peer Botnet


Protection

  • Virus Definitions (LiveUpdate™ Daily) January 19, 2007
  • Virus Definitions (LiveUpdate™ Weekly) January 22, 2007
  • Virus Definitions (Intelligent Updater) January 19, 2007
  • Virus Definitions (LiveUpdate™ Plus) January 19, 2007
Threat Assessment

Wild

  • Wild Level: High
  • Number of Infections: More than 1000
  • Number of Sites: More than 10
  • Geographical Distribution: Medium
  • Threat Containment: Easy
  • Removal: Moderate
Damage

  • Damage Level: High
  • Payload: Downloads additional security threats.
  • Degrades Performance: Sent UDP packets may degrade performance.
Distribution

  • Distribution Level: Low
  • Ports: UDP ports 4000, 7871 and 11271

Writeup By: Masaki Suenaga, Mircea Ciubotarui

http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-011917-1403-99&tabid=1
 
Thanks for the warning!

Does anyone know anything about the amaena.com virus (possibly called Winspyware?)? It's on my PC and I don't have a clue how I got it or how to get rid of it. It won't ruin the PC, from what I've read, but it sure does take the fun out of it. It just automatically closes down every window you have open, or has wild pop-ups that you have to keep exiting. It's a mess. Any help anyone can offer on how to get rid of it will be much appreciated.
 
HeartofTexas said:
Thanks for the warning!

Does anyone know anything about the amaena.com virus (possibly called Winspyware?)? It's on my PC and I don't have a clue how I got it or how to get rid of it. It won't ruin the PC, from what I've read, but it sure does take the fun out of it. It just automatically closes down every window you have open, or has wild pop-ups that you have to keep exiting. It's a mess. Any help anyone can offer on how to get rid of it will be much appreciated.
Do you run anti-spyare programs on a weekly basis? If not, go to www.download.com and download programs such as Ad-Aware, Spybot: Search and Destroy (my 2 favorites) or Hijack This! Then run them ASAP and then weekly afterwards. You would be SURPRISED how much crap they remove! And that should include your problem spyware.
 

Members online

Online statistics

Members online
91
Guests online
1,634
Total visitors
1,725

Forum statistics

Threads
590,013
Messages
17,928,994
Members
228,038
Latest member
shmoozie
Back
Top