Symantec researcher Eric Chien said that the malware uses a Windows layered service provider component to watch network traffic and alter outgoing messages and posts.
"Message board spam is nothing new," Chien explained on the company's security response blog. "But what is different about this message board spam is that the spam text is integrated into legitimate messages posted by real users. "
The attack begins when a user follows a link posted on a spam message or posting promising a 'funny video'. The user is then tricked into downloading an executable that installs the Trojan, formally known as Trojan.Mespam.
The malware will attach the spam greeting to message board postings as well as instant messages sent from AIM, Yahoo Messenger, GTalk and ICQ.
Chien said that emails sent from most popular webmail services, including Google Mail, Hotmail and Yahoo Mail, will also be injected with spam code.
The researcher recommends users to avoid clicking on unrelated links in forum postings, emails and instant messages, and to avoid executing any unsolicited files from a suspicious source.
.png&h=140&w=231&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
