"It is a nasty worm that has a great deal of intelligence," said Brian Grayek, who heads product development at Computer Associates, a security vendor that analyzed the Trojan Horse.
The virus, which Computer Associates calls Mocmex, recognizes and blocks antivirus protection from more than 100 security vendors, as well as the security and firewall built into Microsoft Windows. It downloads files from remote locations and hides files, which it names randomly, on any PC it infects, making itself very difficult to remove. It spreads by hiding itself on photo frames and any other portable storage device that happens to be plugged into an infected PC.
The authors of the new Trojan Horse are well-funded professionals whose malware has "specific designs to capture something and not leave traces," Grayek said. "This would be a nuclear bomb" of malware.
[...]
The new Trojan also has been spotted in Singapore and the Russian Federation and has 67,500 variants, according to Prevx, a security vendor headquartered in England.
Grayek said Mocmex might be a test for some bigger attack, because it's designed to capture any personal, private or financial information, yet so far it's only stealing passwords for online games.
"If I send you a package but it doesn't explode, why did I send it?" he said. "Maybe I want to see if I can get it out to you and how you open it."
There's a total of five trojans on the frames. It's a pretty clever little piece of social engineering, too. The vast majority of unsophisticated users wouldn't ever think of a "digital picture frame" as something that can infect their computer — "It's just a display device, isn't it?" And it hides from antivirus software ... "Symantec never gave me any warnings when I connected it!" All they know is their computer keeps getting infected from somewhere, but they don't know where. If they even know it's infected in the first place.