According to data collected by PandaLabs, Belgium, Poland, Colombia and Portugal are the countries most affected by this threat, as it is already the malicious code most frequently detected worldwide by the online antivirus offering Panda ActiveScan.
Along with the distribution of the AH variant of the Sober worm, a large number of infected email messages are being put into circulation worldwide, which means that the current risk of infection is ranked as high.
"Due to the nature of this trojan, which unlike Sober cannot spread using its own means, we believe that the creators are making a huge effort to distribute it," explains Luis Corrons, director of PandaLabs.
"This month, we have seen various attacks of this type, which trust more in overflow techniques than sophisticated techniques to saturate the internet with malware. This, in some way, 'poisons' the internet, as few emails in circulation are free from malware."
Corrons added that it is relatively easy to tell whether this trojan has affected a computer: when it is run, it displays an image of an operating system logo on a white background in the default image viewer in Windows. From then on, every four hours it opens a connection to one of the URLs listed in its code, chosen at random, in order to access a z.php file, which could open the door to other malware or contain malware itself.
This trojan has been distributed in email messages with a variable subject and message body. However, all these messages contain an attachment in zip format that contains a copy of the trojan. Users are therefore advised to take precautions when opening attachments of this type that do not come from a reliable source.
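The four-hour check-in to a z.php file described above leaves a regular pattern in web proxy logs. The following is an added detection example, not code from PandaLabs or the article. The log format, host names, tolerance and hit threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed proxy log lines: timestamp, client IP, requested URL (placeholder hosts).
SAMPLE_LOG = """\
2024-01-10T08:00:05 10.0.0.15 http://site-a.example/z.php
2024-01-10T09:12:40 10.0.0.22 http://news.example/index.html
2024-01-10T12:00:09 10.0.0.15 http://site-b.example/z.php
2024-01-10T13:30:00 10.0.0.22 http://shop.example/z.php
2024-01-10T16:00:02 10.0.0.15 http://site-a.example/z.php
2024-01-10T20:00:11 10.0.0.15 http://site-c.example/z.php
"""

INTERVAL = timedelta(hours=4)     # check-in period stated in the article
TOLERANCE = timedelta(minutes=5)  # assumed allowance for timer and clock drift
MIN_HITS = 3                      # assumed number of requests before flagging


def parse(log_text):
    """Yield (timestamp, client, url) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue


def find_beaconing_clients(log_text):
    """Return {client: [timestamps]} for clients requesting z.php about every 4 hours."""
    hits = defaultdict(list)
    for ts, client, url in parse(log_text):
        # The trojan picks a URL at random, so match on the file name, not the host.
        if urlsplit(url).path.rsplit("/", 1)[-1].lower() == "z.php":
            hits[client].append(ts)
    flagged = {}
    for client, times in hits.items():
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        regular = [g for g in gaps if abs(g - INTERVAL) <= TOLERANCE]
        if len(times) >= MIN_HITS and len(regular) >= MIN_HITS - 1:
            flagged[client] = times
    return flagged


if __name__ == "__main__":
    for client, times in find_beaconing_clients(SAMPLE_LOG).items():
        print(client, [t.isoformat() for t in times])
```

Matching on the file name alone will also catch unrelated sites that serve a z.php page, which is why the interval check is applied before a client is flagged.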