[color:"red"] A Trojan horse virus targeting users of Microsoft's latest
operating system, Windows XP, was sent by spammers this week.
Experts said the program, known as Trojan.Xombe could be used
to steal passwords or be used in conjunction with other systems to
conduct denial-of-service attacks that can cripple websites and networks.
In Detroit, television station WDIV reported that the Wayne County
Sheriff's Internet Crime Unit alerted computer users to the virus.
PERSONAL VIRUS PROTECTION
Free Microsoft MS03-039 Patch
Free Microsoft Blaster Patch
SoBig.F Removal Tool
Blaster Removal Tool
Download Virus Definitions
Other Virus Removal Tools
Securities Update Vault
REMEMBER: Don't open e-mail attachments that end in .vbs, .pif or
other unfamiliar extensions. Even if the e-mail appears to come from
a trusted source, it could be someone "spoofing" an address. Confirm
it's from who you think it's from before you open.
Sheriff Warren Evans said that Xombe was first detected Sunday. It
could mean that someone shopping on any online retail or banking
site unknowingly would be transferring his or her private information
to the person who sent the bogus e-mail.
"Our investigators are always on the lookout for the latest scams and
have learned that this Trojan horse was spammed out to a large number
of computers overnight," said Evans. "By using this approach, attackers
hope to infect hundreds, even thousands, of machines before users
realize what's up, or anti-virus companies can react with updated definition
The Symantec Corp, which produces virus protection software, lists
the virus as a Level 2 threat, its second highest. Unlike some Trojan
horses, this one is not believed to be self-replicating.
Here's how the scam works:
The faux message, which contains a fake sending address of
email@example.com , uses the subject line "Windows XP
Service Pack 1 (Express)--Critical Update" to trick recipients into opening
the attached file.
"Window [sic] Update has determined that you are running a beta version
of Windows XP Service Pack 1 (SP1)," the message's text reads in part.
"To help improve the stability of your computer, Microsoft recommends that
you remove the beta version of Windows XP SP1 and re-install Windows
XP SP1." The message goes on to urge the user to run the winxp_sp1.exe
file attachment to re-install SP1, and recommends that anti-virus software
be disabled, as it "may interfere with the installation."
More info on Xombe here, from Norton's site.
Trojan.Xombe is a Trojan horse that has at least two components: a 4,096 byte downloader and a 27,136 byte Trojan. The downloader component will retrieve the Trojan file from a predetermined Web site.
The download component has been distributed in an unsolicited email, purporting to be a security update for Windows XP, sent by Microsoft.
The email has the following characteristics:
Subject: Windows XP Service Pack 1 (Express) - Critical Update.
Attachment: winxp_sp1.exe(4,096 KB)
Be aware that Norton's automatic virus definition for this Trojan won't be available till tomorrow. Make sure you carry out an update of your virus checker tomorrow. So, never open attachments that seem to come from Microsoft - Microsoft *never* send out attachments anyway... All Critical Updates are *always* done online via the Windows Update site. [color:"black"]