Security firms laugh at 'unstoppable Trojan' claims

Security firms have laughed off claims from Secure Computing that a new Trojan can evade traditional antivirus systems.

Secure Computing's TrustedSource labs issued an urgent alert last night that the 'Mespam' Trojan was on the loose and that ordinary antivirus software would not be able to stop it.

"This threat signifies a trend towards blog, message boards and webmail-related malware," the alert warned.

"What makes it particularly insidious is that antivirus detection from the leaders (McAfee, Symantec, Sophos, Trend Micro etc.) does not always work because Mespam uses server 'polymorphism', i.e. it is continuously 'repackaged' to make it appear different."

The Trojan was spreading after messages were spammed out urging computer users to visit mailfreepostcards.com and download a video.

Mespam is described as 'polymorphic' and TrustedSource claimed that this made it unstoppable by standard means because the signature changes constantly.

"Secure Computing's incorrect claim that Sophos could not deal with this threat gave the guys in our labs the best laugh of their day," said Graham Cluley, senior technology consultant at Sophos.

"Sophos customers had a bigger problem deciding which socks to put on this morning than they did with this malware."

Cluley said that Sophos had picked up the Trojan on 1 February and blocked it and the website it came from on 19 February.