Win32.small.cfg massive spam

By Derek Sooman on January 31, 2006, 5:48 AM
According to security experts BlackSpider Technologies, millions of emails containing the Trojan-downloader Win32.small.cfg were sent to UK businesses late on Sunday. Some 2,400,000 mails were sent before the anti-virus community could react. Win32.small.cfg was spammed out from 9pm local time on 26 January, designed to exploit the longest possible window of exposure between its release and the first anti-virus vendors issuing a patch. The infected mails were spammed with the subject "YOUR BILL PAYMENT NOT APPROVED!" containing an attached executable called BILL#5563880.

James Kay, CTO, BlackSpider Technologies, warned: "This Trojan was successful in achieving what appears to be its main purpose to reach as many inboxes as possible before the anti-virus industry could react.

"Last year we saw many attempts to infect PCs during the window of exposure and that trend looks set to continue in 2006. Businesses that are not using proactive intelligent threat prevention technology to tackle new viruses are leaving themselves at serious risk from infection, as today's outbreak shows."

User Comments: 7

Got something to say? Post a comment
otmakus said:
Yet another trojan email with executable attachment and very suspicious subject, and there are actually a lot of people out there who are stupid enough to execute the attachment. Maybe it has to be advertised on TV "Do Not Open attachment in Emails if U're not entirely sure it's safe".
asphix said:
/agreeI think its rediculous someone would click that. If I got an e-mail like that, first I would check for its relevance to my bill paying process. Is this from one of my monthly bill providers? Is it related at all to the time in which I normally receive notification from this company?If I am still not convinced it is spam/malware I would then log onto the website of said billing company, or give them a call.
taffia77 said:
What people forget is the likes of us who visit this site know what's what and wouldn't dream of clicking on the attachment.However, certainly in the office where I work there's about three other people (out of about 50) who I would credit with having the brains not to click on it. The other 47 would fly into a blind panic and take action to pay their bill.People are stupid!Maybe, and I'm serious, a TV advert isn't a bad idea. Afterall, it affects who knows how many internet users when trojans are used to launch DoS attacks or the like.The government, certainly in the UK, is keen to act as a nanny state and fund anti smoking ads etc. Maybe they should concentrate some cash on these ads
Need_a_Dell said:
Perhaps this virus is more a test than a virus. A virus that does nothing? Seems unlikely. I think that this one was just a test to see how many computers they could infect and how quickly they could do it. I wouldn't be surprised if a more damaging follow-up came along in the near future. People have to take a few more precautions before they open their emails, because something like this could really mess a network up.
nathanskywalker said:
[quote]Dear client!We are unable to obtain the bill payment from your bank account. Your bank returned the following error to us:BILL PAYMENT NOT APPROVEDBILL #5563880 [/quote]lol, wow, that is crakcing me up. O My gosh, right, ok, you pay them. If you don't have the common ad, very good idea,since half america is filled with lazy slobs who do nothing but...ok, nvm.And Dell has a point.Peope were dumb enough to be exploited once, mabye the creator of this "virus" , is just trying to improve his tacktics, see just how well they worked.[quote]Some 2,400,000 mails were sent before the anti-virus community could react[/quote]Judging by those numbers, i'd say he knows what he is doing, be on guard all stupid americans...and otherwise.... ;)
Vaulden said:
Every time something like this happens I am amazed at the ignorance of some users. When you receive a legitimate e-mail in regards to something like this, you will always be able to tell who it is from. And they will most likely do a link rather than an attachment.We might finally be getting through to our users here at my office. However, new users are coming in all the time.It would be great if we could get the message to people through TV, radio, newspapers, etc. A pipe dream... but it would be nice.
gamingmage said:
Wow this may well be just the start. Hopefully anti-virus companies can react with something to prevent the virus (if it does anything) from spreading. Worst case senario this e-mail allows the full Trojan virus to bypass computer security and infect the computer. To bad this won't be on the news or people who don't go onto techspot or places that would have these stories might just click on that e-mail. Maybe this was just to test if they could do it so later on they could send millions of e-mails that are actually threatening. I don't know, but hopefully the companies can do something about it.
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.