The new spammed multi-stage Trojan downloader uses an exploit to download and execute an encoded visual basic script from a Web site. The Trojan then creates an executable file which appears to download a malicious program from the same Web site as the original script.
E-mail security services provider MessageLabs said early indications were the new virus was similar to previous attacks, whereby criminals have used Trojans install key loggers and password stealers.
MessageLabs' technical director, David Banes said the company had to date only detected just over 4,000 affected machines globally. In true social-engineering fashion, the Trojan comes with subject phrases such as "about the thing we talked last week.." or "Here is it.. like you asked for me 2 days ago" and "whats wrong with you ? why you dont answer to my emails?"
Banes said machines which were not regularly updated are more susceptible to the new Trojan.