
Troj/SWFExp-AI

By ESGI Advisor in Trojans

Troj/SWFExp-AI is a component of a dangerous malware attack that spreads through a corrupted email attachment. However, unlike most attacks of this nature, Troj/SWFExp-AI can attack a computer system without any need for the computer user to open the malicious file attachment. Rather, Troj/SWFExp-AI takes advantage of a vulnerability in popular email clients (particularly Mozilla Thunderbird) in order to attack the victim's computer as soon as the spam email containing Troj/SWFExp-AI's attachment is opened. The actual attachment is detected as Troj/JSRedir-EX while the Flash exploit that allows this malware to inject other files into the victim's computer is detected as Troj/SWFExp-AI.

Computer users have reported that Outlook Express by Microsoft and Thunderbird by Mozilla are both vulnerable to this malware attack. Using this attack, criminals have managed to infect computer users who are typically immune to these kinds of attacks. Most experienced computer users know that opening email attachments contained in unsolicited email messages is an easy way to infect their computer with malware, but many are unaware of attacks such as this one, which can compromise the victim's computer system without the victim ever opening the malicious email attachment.

The Troj/SWFExp-AI Malware Attack Recycles an Older Kind of Malware Tactic

Attacks similar to the one perpetrated by Troj/SWFExp-AI's malicious email message were among the most common in the late 1990s but were quickly phased out in favor of malware attacks relying more heavily on social engineering. This happened because of the rise of web-based email. With services such as Gmail, Hotmail, and Yahoo Mail quickly attracting the vast majority of email users, the ability to attack a computer system directly from an email message was reduced, since the messages do not actually reside on the victim's computer but on a remote server. With Thunderbird and Outlook Express, by contrast, the messages do reside on the attacked computer, which makes it possible for these attacks to take advantage of a security vulnerability in these programs. You can easily avoid being a victim of Troj/SWFExp-AI by disabling your email program's automatic rendering of inline attachments, which can be done through your program's settings. The best way to avoid this kind of attack, however, is to ensure that these dangerous spam messages do not get past your spam filter. ESG security researchers recommend setting your spam protection to its highest settings to intercept Troj/SWFExp-AI-containing spam.
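
A filtering check that complements the spam-filter advice above, as an added example that is not from ESG or from any email client: it walks a message's MIME parts and reports attached HTML parts carrying active content, the kind of part a desktop client may render automatically. The tag list, function names and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed heuristic: HTML tags that load or run active content when rendered.
ACTIVE_TAGS = re.compile(rb"<\s*(script|embed|object|iframe)\b", re.IGNORECASE)
HTML_TYPES = {"text/html", "application/xhtml+xml"}

def risky_inline_parts(raw_message: bytes):
    """Return (filename, disposition, tags) for attached HTML parts with active content."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        disposition = part.get_content_disposition()  # "inline", "attachment" or None
        if filename is None and disposition is None:
            continue  # ordinary message body, not an attachment
        looks_html = (part.get_content_type() in HTML_TYPES
                      or (filename or "").lower().endswith((".htm", ".html")))
        if not looks_html:
            continue
        payload = part.get_payload(decode=True) or b""  # undo base64/quoted-printable
        tags = sorted({t.decode().lower() for t in ACTIVE_TAGS.findall(payload)})
        if tags:
            findings.append((filename, disposition, tags))
    return findings

def build_sample() -> bytes:
    """Constructed sample: one inline HTML attachment with a script tag, one text file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(
        '<html><body><script src="http://example.invalid/x.js"></script></body></html>',
        subtype="html", filename="notice.htm", disposition="inline")
    msg.add_attachment("plain notes", subtype="plain", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, disp, tags in risky_inline_parts(build_sample()):
        print(f"quarantine candidate: {name} ({disp}) active tags: {', '.join(tags)}")
```

Messages that produce findings are candidates for quarantine or for delivery with the attachment stripped; the check is a heuristic and does not replace antivirus detection of the attachment itself.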
