According to the researchers, Trojan.Sasfis is not new, having been around since early this year, but Symantec says it has recently noticed an increase in submission volumes.
The threat, says Symantec, has been taking a fairly consistent approach to compromising computers, mainly in the form of attachments to emails sent out through spam campaigns that use names such as Amazon_Tracking_Number_N[RANDOM NUMBER][LONG SPACE]DOC.exe and iTunes_certificate[RANDOM NUMBER].exe.
The latest Trojan.Sasfis email attachments include Changelog_[DAY]_[MONTH]_2010.zip and Changelog_[DAY]_[MONTH].2010.PDF.zip.
Both .zip files, say the researchers, contain a .doc and .pdf file respectively, but they are not what they appear to be, as the files are actually executable, having the real extension after a very long space between .pdf/doc and .exe.
Writing in their security blog, the researchers claim that, if there were this many threats running on the compromised computer it would no doubt run extremely slowly.
Interestingly, they say, it does run slowly – "but not because the computer is infected by all these threats – which of course it is not."
To disguise itself as a legitimate application, Trojan.Sasfis injects itself into common processes, such as iexplore.exe and svchost.exe.
This will, says Symantec, provide the necessary cloaking ability to bypass a firewall.
"So our advice is, as always, don't open attachments unless you are absolutely sure who they are from and what they are", said the firm.