New Trojan disguises itself as Microsoft update-- NOT!

Straight_Man | Geeky, in my own way | Naples, FL | Icrontian
edited January 2004 in Science & Tech
This trojan set is being called Xombe or Downloader so far, and is still being analyzed. BUT, it comes as an attachment from a surface address (what shows as the address; looking in the header details shows that the address is SPOOFED) of windowsupdate@microsoft.com. The email claims this is an update to Windows XP SP1 of beta kind-- no such distribution is being made by Microsoft, SP1 has been in final form for over a year now, and individual fixes are being made but the most recent are labelled SP2 and NOT SP1.

DO NOT install anything executable that comes attached to an email that says it is from Microsoft, not even if it claims to be a replacement for a beta version of Windows XP, SP1. Microsoft does NOT email updates, for just this reason-- it is too easy to spoof fakes such as this one. This one IS NOT FROM Microsoft, and the first thing the trojan does is to download ANOTHER trojan (being studied now), which downloads another executable which is still being analyzed also.

For details, link here. Note that Computer Associates is reputable, has been involved in security for decades, wants folks to KNOW about this one, and is using eWeek's interest in computer security to spread the word.

Link here for more info:

http://www.eweek.com/article2/0,4149,1429886,00.asp?kc=EWNWS011204DTX1K0000599

John.
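
The two signs described in the post (a From address that the header details contradict, and an executable attachment) can be checked mechanically. The following is an added example, not part of the original post: the sample message is constructed, and every address in it other than windowsupdate@microsoft.com is a placeholder.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample message (not a real capture): the visible From claims
# microsoft.com, but the envelope sender (Return-Path) is a different domain.
SAMPLE = b"""\
Return-Path: <bounce@mail.example.net>
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.org; Mon, 12 Jan 2004 10:00:00 -0500
From: Windows Update <windowsupdate@microsoft.com>
To: user@example.org
Subject: Windows XP SP1 update
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please install the attached update.
--b1
Content-Type: application/octet-stream; name="update.exe"
Content-Disposition: attachment; filename="update.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1--
"""

EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs")

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def triage(raw_bytes):
    """Return the reasons a message looks like a spoofed 'update' mail."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    # Heuristic only: mailing lists and bulk senders can also mismatch.
    if from_dom and env_dom and from_dom != env_dom:
        findings.append(f"From domain {from_dom} != Return-Path domain {env_dom}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXECUTABLE_EXT):
            findings.append(f"executable attachment: {name}")
    return findings
```

Calling `triage(SAMPLE)` returns both findings for the constructed message; a message whose From and Return-Path agree and that carries no executable attachment returns an empty list.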