New Trojan masquerades as Windows XP update
Intruder is considered low-risk
By Paul Roberts, IDG News Service
January 09, 2004
Security companies are warning Internet users about a new Trojan horse program spreading via spam e-mail and masquerading as a Windows XP software update from Microsoft.
The program, known as "Xombe" or "Dloader-L," arrives as an executable attachment in spam e-mail messages purporting to come from windowsupdate@microsoft.com and installs itself on victims' computers when users open the attachment.
Once installed, Xombe connects to a Web site, then downloads and installs another program, called Mssvc-A, which is a Trojan horse program that conscripts victim computers in distributed denial of service (DDoS) attacks against Web pages, according to antivirus company Sophos.
Xombe is considered a low risk by most antivirus companies, including Sophos, Computer Associates International (CA) and Symantec. The program is not a worm or virus and cannot make copies of itself. Instead, it is distributed using spam e-mail messages.
Those messages read, in part, "Window (sic) Update has determined that you are running a beta version of Windows XP Service Pack 2 (SP1). To help improve the stability of your computer, Microsoft recommends that you remove the beta version of Windows XP SP1."
Recipients are told to "run the file winxp_sp1.exe in attach (sic) and make sure to restart your PC after installation," according to CA, Sophos and others.
Sophos said it has received several reports of the Xombe Trojan program from customers.
Antivirus companies offered updated virus definitions to spot Xombe Friday and provided instructions on removing Trojan programs from infected computers.
Microsoft frequently distributes security bulletins using e-mail, but never includes software updates as attachments, according to the company's Web site.
Most Microsoft software updates are made available through the Windows Update, Microsoft Office Update or the Microsoft Download Center, the company said.