Romanian security developer BitDefender has issued a warning about a fast spreading Trojan dubbed Spammer.HotLan.A which is using Hotmail and Yahoo accounts to send spam. According to BitDefencer some 15,000 accounts have already been compromised and the situation is likely to get much worse over the next few days.

Viorel Canja, BitDefender Antivirus Lab chief, told DaniWeb that “it’s hard to estimate how much spam has already been sent out, but there are at least 500 new accounts being created by the Trojan every hour.”

The worrying piece of this particular puzzle is the fact that the Trojan uses automatically-generated accounts, something that suggests spammers might have found a way to bypass the Captcha system so many of us depend upon to keep spambots out of forums, email and social networking systems.

Other than that, it is pretty much the same old same old: every active copy of the Trojan accesses an account, downloads encrypted spam from a website, decrypts it and sends on to a spam mail list of email addresses from yet another website. The spam being sent is currently leading users to a pharmacy product site, but expect that to change as the Trojan morphs over the next few days and weeks. Common spammer techniques are being used in the e-mail body text including Bayesian poisoning and the old corker, a random e-mail subject.

Check with your security vendor and make sure this threat is covered in the latest signature update file.

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.