New Trojan Small.DAM Warning
By Marc Liron - Microsoft MVP
Spammers are exploiting the public's interest in
this week's European storm to spread a computer Trojan that sends
junk e-mail and can also capture personal information...
Read this article for more information on this
security update.
What Is Small.DAM?
During the last 48 hours virus writers have been taking advantage of
the winter storms in Europe to launch a new wave of attacks on
computers around the globe.
This particular attack tries to get the user to "execute" a malicious
file attached to an email; the attachment contains a Trojan horse.
The email and its attachment pose as information
about the dreadful weather that Europe has currently been
experiencing.
(Something I can personally vouch for as a
roofing contractor has only just left my house after replacing tiles
blown off in the strong winds!)
The Trojan is being distributed in emails with message subjects like:
- 230 dead as storm batters Europe.
- British Muslims Genocide
- Naked teens attack home director.
- A killer at 11, he's free at 21 and kill again!
- U.S. Secretary of State Condoleezza Rice has kicked German
Chancellor Angela Merkel
The email will have an attachment that
contains the Small.DAM Trojan.
The attachments may contain one of the following
filenames:
- Full Clip.exe
- Full Story.exe
- Read More.exe
- Video.exe

Fig 1.1 - This arrived in my inbox when writing the article!
If executed (clicked on), the "payload" turns the user's computer into
a machine that can be controlled remotely by the "hackers" from
anywhere in the world, making it what is commonly known
as a "zombie".
UK anti-virus firm Sophos reports that the
malware accounts for one in every 200 emails it has monitored over
the last 12 hours. Two in every three reports of malware tracked by
Sophos on Friday involved reports of the Trojan.
By focusing on a topical subject like the news of storms of up to
200mph the writers of this malicious program expect users to let
their guard down and open the attachment!
In doing so they can turn their computer into a machine that is at the
mercy of the hackers, who can use the infected machine to send out
spam email or even capture the personal information of the computer
owner...
For you techies reading this article, Small.DAM
contains an advanced kernel-mode driver that is dropped onto the
infected computer:
%SysDir%\wincom32.sys - Kernel mode driver component
%SysDir%\peers.ini - Initialization file component
It also installs itself as a service with the name "wincom32" by
creating the following registry keys:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wincom32]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINCOM32]
The Second Wave Of Small.DAM
It now appears that the writers of the malicious Trojan Small.DAM
have launched a second wave of emails at the public, following the
success they have had with the first wave...
It is still the same malicious program but with
new subject lines like:
- Radical Muslim drinking enemies's blood.
- Chinese missile shot down Russian satellite
- Chinese missile shot down Russian aircraft
- Chinese missile shot down USA aircraft
- Chinese missile shot down USA satellite
- Russian missile shot down USA aircraft
- Russian missile shot down USA satellite
- Russian missile shot down Chinese aircraft
- Russian missile shot down Chinese satellite
- Saddam Hussein safe and sound!
- Saddam Hussein alive!
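An added example (not part of the original article): a mail-gateway style check in Python that flags messages using the subject lines and attachment names listed above and, going beyond those lists, any executable attachment, since the second wave kept the same program and changed only the subject lines. The function names, the extension list and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Values copied from the article: two of the first-wave subjects, all attachment names.
FIRST_WAVE_SUBJECTS = {"230 dead as storm batters europe.",
                       "naked teens attack home director."}
LISTED_ATTACHMENTS = {"full clip.exe", "full story.exe", "read more.exe", "video.exe"}
# Assumption (not from the article): extensions the gateway treats as executable.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif")


def inspect_message(raw):
    """Return the reasons to quarantine a raw message (empty list = pass)."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    if str(msg.get("Subject", "")).strip().lower() in FIRST_WAVE_SUBJECTS:
        reasons.append("listed subject")
    for part in msg.walk():
        # Body parts have no filename; they fall through both tests below.
        name = (part.get_filename() or "").strip().lower()
        if name in LISTED_ATTACHMENTS:
            reasons.append("listed attachment: " + name)
        elif name.endswith(EXECUTABLE_EXTENSIONS):
            # Also catches double extensions such as "photo.jpg.exe".
            reasons.append("executable attachment: " + name)
    return reasons


def build_sample(subject, filename):
    """Construct a test message; the attachment body is inert placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("See attached.")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    # Constructed samples: a first-wave lure, a second-wave subject that the
    # subject list misses, an unlisted executable name, and a benign message.
    for subject, filename in [
        ("230 dead as storm batters Europe.", "Full Story.exe"),
        ("Saddam Hussein alive!", "Video.exe"),
        ("Some new headline", "Storm Footage.jpg.exe"),
        ("Lunch?", "notes.txt"),
    ]:
        print(subject, "->", inspect_message(build_sample(subject, filename)))
```

The second sample shows why the attachment rule matters more than the subject rule: the subject list is out of date as soon as a new wave starts, while the executable attachment is still there.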
DON'T GET CAUGHT OUT!
Make sure you have an up-to-date antivirus
package on your computer - if you do not have the funds for one then
do not let that be an excuse, take a look at the free version from
Grisoft.com
Kind Regards

Marc Liron
Microsoft Digital Media MVP