MessageLabs have detected a Trojan posing as a movie clip of yesterday's terrorist attack in London. The email containing this Trojan has been crafted so that it appears to be a CNN Newsletter which asks you to 'See attachments for unique amateur videoshots'.
When executed the attachment copies itself to %Windir%winlog.exe and modifies the Windows registry key 'HKLM/Software/microsoft/Windows/CurrentVersion/Run' so that it runs automatically on system start-up. The Trojan then attempts to obtain a list of the SMTP servers that your machine is configured to use and starts to use these servers to send large volumes of unsolicited mail.
Email characteristics:
Sender address: breakingnews@cnnonline.com
Email subject: TERROR HITS LONDON
Filename: 'London Terror Moovie.avi <124 spaces> Checked By Norton Antivirus.exe'
Trojan poses as movie clip of London blasts
Posted on Friday, July 08 2005 @ 19:35 CEST by Thomas De Maesschalck