Web mail and message forums are the newest vehicle for the quickly spreading Storm Trojan, security researchers say. The latest attack injects a link to a malware (define) site whenever infected users write online.

According to Symantec (Quote), Gmail, Yahoo Mail, Hotmail and AOL are among a number of vulnerable Web-based e-mail products. Message forums based on Virus Bulletin and phpBB software are also at risk, said a spokeswoman.

Users are first infected by clicking on an e-mailed link, which downloads a malware rootkit able to watch network traffic, according to Dmitri Alperovitch, Secure Computing's principal researcher. The worm then inserts 'Have you seen this link?' in messages posted on a variety of Web mail and online forums.

The link then infects more PCs, multiplying the malware's spread, the researcher told internetnews.com.

Google (Quote), Yahoo (Quote), Microsoft (Quote) and AOL were not immediately available for comment.

"When it notices you posting to a bulletin board, it modifies your posting to include the spam text," Eric Chien, principal software engineer at Symantec, wrote in a blog.

The solution for companies is easy: Block employees from selecting the link, Gartner research analyst John Pescatore told internetnews.com.

The Trojan still infects outgoing instant messages for Gtalk, Yahoo Messenger, AIM and ICQ, according to Symantec.

This article was first published on InternetNews.com. To read the full article, click here.