Spammers have taken advantage of last week’s heavy weather across Europe to infect thousands of systems with a Trojan horse, allowing the systems to be taken over by criminal gangs.
According to F-Secure, the attack was launched in the early hours of Friday morning, European time, taking the form of a wave of spam bearing the Small.DAM Trojan. The spam messages used as subject headers lines such as "230 dead as storm batters Europe", and others.
Mikko Hypponen, F-Secure's chief research officer, said the attack shows gangs are using every technique available to spread malware, and are able to make use of world events in real time.
The Trojan took the form of an attachment with titles such as "Read More.exe", "Full Clip.exe", "Full Story.exe" and "Video.exe", F-Secure said.
Once executed, the file creates a backdoor that can be used by the Trojan's creators to take full control of a system. F-Secure speculated that the aim was to hook users into a new botnet, to be used to launch further attacks or send spam.
F-Secure picked up the first emails seeding the Trojan at its Kuala Lumpur offices on Friday morning. The company believes the attack originated in the region.
The attack was a success, F-Secure said, with instances of Small.DAM spreading rapidly during the Thursday night-Friday morning period.
"The heavy seeding through spam was quickly obvious on our tracking screens," wrote a spokesperson on the company blog. "The worm was spread throughout the world very rapidly."