Russian anti-virus vendor Doctor Web warns users of a mass mailing of spam messages containing Trojan.DownLoad.47256. This Trojan downloads other malicious programs to the compromised system.
The mass mailing of the Trojan started on September 17, 2009. By now the number of messages with Trojan.DownLoad.47256 mailed per 24 hours exceeds one million while its share of malicious code detected in e-mail traffic is more than 90%.
Trojan.DownLoad.47256 is a common malicious downloader. Once launched by a user, it creates svchost.exe and sms.exe processes and injects its code into the processes. After that the original downloader file is deleted and the Trojan attempts to download a malicious objects from a bogus web-site. If successful, Trojan.DownLoad.47256 will launch the file and stop working. It should be noted that objects downloaded by the Trojan can perform a wide variety of tasks.
According to Doctor Web the web-site that provides the Trojan with malicious code for downloading is not operational. However, new modifications of Trojan.DownLoad.47256 that will download malware from other web-sites may appear. Besides, operation of the web-site used by Trojan.DownLoad.47256 can be resotred.
The graph shows rapid spreading of Trojan.Botnetlog.11 over the in last days.
Tell us what you think
You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.