An anonymous reader writes: A new Trojan horse that started to spread early Sunday via Microsoft's instant messaging client has already infected about 11,000 PCs, a security company said Monday. The as-yet-unnamed Trojan horse began hitting systems about 7 a.m. EST on Sunday, according to Roei Lichtman, the director of product management at Aladdin Knowledge Systems. "We still haven't found what it's meant to do, but at the moment, it's creating an army [of bots]," he said. "Eventually, of course, the operator will send commands to do something."
Users of Microsoft's Windows Live Messenger instant messaging program receive a message that includes spoofed Zip files, such as one named "pics" that is actually a double-extension executable in the format "filenamejpg.exe" or a file labeled "images" that in reality is a .pif executable.
"This is really growing rapidly," said Lichtman. Six hours after it first found the Trojan horse, Aladdin put the total number of assembled bots at about 500; three hours later, that had climbed to several thousand. By 12:30 p.m. EST Monday, the botnet had been built out to 11,000 machines.
But while its speed in spreading is impressive, Lichtman pointed to another characteristic of the Trojan horse: It can also propagate via virtual private network (VPN) clients, the programs typically used by businesspeople to connect with their employer's networks when they're outside the corporate firewall.