Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
A new Trojan virus-BE CAREFUL
#1
Trojan Horse Virus

Trojan Horse Poses As Windows XP Update
Sun Jan 11,11:00 PM ET Add Technology -

Gregg Keizer, TechWeb News

A new Swen-style Trojan horse posing as a critical update from Microsoft has been detected on the Internet, and users who open the e-mail message may find their machines loaded with a back-door Trojan that can steal passwords or be used in conjunction with other systems to conduct major denial-of-service (DoS) attacks.


Dubbed Trojan.Xombe (as in zombie) by most security firms, the Trojan shares some characteristics of the Swen worm family in that it masquerades as a message from Microsoft and purports to carry a security update in its file attachment. However, unlike Swen--a worm which first appeared last September--Trojan.Xombe doesn't self-replicate.


"This Trojan was spammed out to a large number of computers overnight," said Ken Dunham, the director of malicious code at iDefense, a Reston, Va.-based security intelligence firm. By using spamming strategies, attackers hope to infect hundreds, even thousands, of machines before users realize what's up, or anti-virus companies can react with updated definition files.


The faux message, which sports a spoofed sending address of [email protected], uses the subject line 'Windows XP (news - web sites) Service Pack 1 (Express)--Critical Update' to trick recipients into opening the attached file.


"Window [sic] Update has determined that you are running a beta version of Windows XP Service Pack 1 (SP1)," the message's text reads in part. "To help improve the stability of your computer, Microsoft recommends that you remove the beta version of Windows XP SP1 and re-install Windows XP SP1." The message goes on to urge the user to run the winxp_sp1.exe file attachment to re-install SP1, and recommends that anti-virus software be disabled, as it "may interfere with the installation."


Lies. All lies.


"The Trojan definitely downloads malicious code and installs it on the system," confirmed Dunham. By his analysis, Trojan.Xombe downloads a back-door IRC Trojan horse to the compromised machine. Once that's installed, attackers can access the PC undetected, add other code to the computer--such as key trackers for acquiring passwords--and use the machine to launch DoS attacks on other machines.


Trojan.Xombe, and socially engineered attacks like it--including phishing expeditions such as the MiMail worm, another exploit that pretends to be something it isn't in the hope that people will open the file attachment--are the confirmation security professionals were looking for that 2004 will be a rough, rocky year.


"Attackers use the social engineering trends of the moment," said Vincent Weaver, senior director of Symantec's security response center. Touting a security update is only natural for hackers, he added, what with the increased awareness of many computer users of ongoing security issues with Windows.


Trojan.Xombe is also a good example of another trend first spotted in 2003, but certain to continue this year, said Dunham.


"Trojans are being integrated into almost every piece of malicious code," he said. More than anything, hackers today want to amass an army of compromised machines--typically called zombies--that they can then use for other purposes.


"A lot of people are worried about the next super worm," he said, "but that's not the real threat we'll see in 2004. The real threat is in Trojan horses. The goal of attackers is really about Trojans and remote control of other computers, for stealing passwords and targeted DoS attacks. It's not about fun and notoriety anymore. It's about money and power."


Security firms, including Symantec, Network Associates, and Sophos, have posted alerts on their Web sites warning users of Trojan.Xombe, but disagree on the severity of the problem. Symantec, for instance, currently ranks the Trojan as a level '2' threat in its 1 through 5 rating system, while Network Associates tags Xombe with a 'low' threat assessment.


The best defense against bogus e-mails carrying nasty payloads? "A lot of people see an e-mail and think that it's true," said Dunham. "But everything should be looked at with a degree of skepticism and concern, rather than trust."


Symantec's Weaver also reminded users that Microsoft never delivers security updates via e-mail, and urged people to scan suspicious messages for tell-tale signs of a scam, such as misspelled words and awkward syntax, both of which are evident in the message loaded with Trojan.Xombe.
<!-- Start CGISpy.com Random Image Code -->
<img src="http://scripts.cgispy.com/image.cgi?u=BITENY"><br>
<!-- End CGISpy.com Random Image Code -->
Reply
#2
If you get a virus it's because you are an idiot.

I don't have any virus software, but have never gotten a virus in my life.

Therefore, one can only assume that only morons get viruses.
<center>
<img src=http://img5.photobucket.com/albums/v22/jpcrecom/46-16.jpg>
Reply
#3
Not even a cold?
&lt;center&gt;&lt;img src=http://scripts.cgispy.com/image.cgi?u=wankfellow&gt;&lt;/center&gt;
Reply
#4
He got a bad case of yeast infection when his gal squirted him in his eye. does that count????
[Image: fearloathingkewgardens.jpg]
Reply
#5
i agree. it takes effort to get a virus.
Reply
#6
if you open an email that says to apply the attachment or go to a link to download something, then you deserve to get hit with a virus - even my grandmother knows not to open mail from people she doesn't know.
<center><img src=http://img2.photobucket.com/albums/v11/Goatweed/misc/markasread.jpg></center>
Reply
#7
don't take candy from strangers. same thing applies when receiving an email with the supposed paris hilton video attached.
Reply
#8
and even if you don't know them.... if it has an MP3 or .wmv file you're fine. Just don't be retard and open up txt.txt files or .mp3.vbs or shit like that, you morons.
<center>
<img src=http://img5.photobucket.com/albums/v22/jpcrecom/46-16.jpg>
Reply
#9
anything could be unsafe. i used to attach the netbus trojan to jpeg files. good times.
Reply
#10
You're a bad man Jimbo.

A bad, bad man.
&lt;center&gt;&lt;img src=http://scripts.cgispy.com/image.cgi?u=wankfellow&gt;&lt;/center&gt;
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)