[pchelpers] be careful ... fake microsoft warning

  • From: "G.R. Hanson" <grhanson@xxxxxxxxxxxxxxxx>
  • To: <"Undisclosed-Recipient:;"@freelists.org>
  • Date: Mon, 12 Jan 2004 15:55:48 -0600

Xombe Trojan poses as Microsoft warning
Last modified: January 12, 2004, 9:48 AM PST
By Munir Kotadia
Special to CNET News.com

An e-mail disguised as a message from Microsoft's security team contains
a dangerous Trojan horse called Xombe.

Xombe, also known as Trojan.Xombe, Downloader-GJ and Troj/Dloader-L, was
being distributed on Friday. It poses as a critical update for the
Windows XP operating system. When executed, it attempts to download a
malicious backdoor component from the Web.

It appears to be an imitation of one of last year's most successful
worms, the mass-mailed Swen, which also masqueraded as a security
warning from Microsoft.

However, Xombe has yet to repeat the success of Swen. While the former
failed to make the top 10 threats intercepted by e-mail security company
MessageLabs on Monday morning, Swen was at No. 2, with some 7,000
instances captured in the past 24 hours.

Ken Dunham, malicious code intelligence manager at security company
iDefense, said that the success of Swen has encouraged virus writers to
create e-mails and Web sites that appear official in order to fool more
people into executing malicious code.

The e-mail, which appears to have been sent from
windowsupdate@xxxxxxxxxxxxx, has the subject line "Windows XP Service
Pack 1 (Express) - Critical Update" and directs users to execute the
attachment, called winxp_sp1.exe, in order to fix some vulnerabilities
in Microsoft's Internet Explorer, Outlook and Outlook Express.

Dunham said that once executed, the attachment downloads a file called
msvchost.exe that alters the Windows Registry and opens certain ports in
order to listen out for commands from a hacker.

Most antivirus companies have already updated their signatures, but
users without up-to-date antivirus applications could be infected,
helping the Trojan's author to take control of large numbers of PCs.
Dunham said that once a "large army of zombie computers" has been built
up, attackers could use them for serious crimes such as ID theft and
banking fraud.

Microsoft was not immediately available to comment.

Although Xombe is only likely to be opened by Windows XP users, it
affects Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT and
Windows Server 2003 systems, as well as Windows XP, according to
security company Symantec.

Munir Kotadia of ZDNet UK reported from London.

http://news.com.com/2100-7349-5139317.html?part=dht&tag=ntop


---
Outgoing mail is certified Virus Free.  Yipee!
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.559 / Virus Database: 351 - Release Date: 1/7/2004




Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at //www.freelists.org/cgi-bin/lsg2.cgi
List archives at //www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Good advice is like good paint- it only works if applied.
