The malware, dubbed BagleDl-L, is said to damage security applications and attempts to connect with a number of Web sites. According to F-Secure and Sophos, these Web sites currently contain no malicious code, but both companies believe this could soon change.
"Any Trojan horse which turns off your antivirus or firewall can open you up to further attack, even by very old viruses," said Graham Cluley, senior technology consultant for Sophos. "This Trojan horse is aiming to take advantage of people's reflex reaction when they receive an executable file via email. Users who want to install software on their computer should be receiving it from their IT department, not from friends at other companies or potentially dangerous spam mailings."
For the Trojans to work, a certain amount of social engineering is required as the emails contain a ZIP-file attachment which must be opened to display the programs "doc_01.exe" or "prs_03.exe", which must also be run manually to infect a computer.
Unlike mass-mailing worms the Trojan does not self-propagate, but the security companies have highlighted it because a high number of emails containing it have been detected.
The detection of BagleDl-L comes just days after Send-Safe.com, which offered spamming tools, was kicked off Internet service provider MCI's network. Send-Safe is said to use PCs that have been compromised by Trojan horses to propagate spam.
ZDNet UK's Dan Ilett reported from London. For more coverage from ZDNet UK, click here.
