Spam About WinXP Patch Contains Trojan Horse
Date: January 14, 2004
A Trojan horse virus targeting users of Microsoft's latest operating system, Windows XP, was sent by spammers this week.
Experts said the program, known as Trojan.Xombe, could be used to steal passwords or, in conjunction with other systems, to conduct denial-of-service attacks that can cripple websites and networks.
In Detroit, television station WDIV reported that the Wayne County Sheriff's Internet Crime Unit alerted computer users to the virus.
Sheriff Warren Evans said that Xombe was first detected Sunday. It could mean that someone shopping on any online retail or banking site unknowingly would be transferring his or her private information to the person who sent the bogus e-mail.
"Our investigators are always on the lookout for the latest scams and have learned that this Trojan horse was spammed out to a large number of computers overnight," said Evans. "By using this approach, attackers hope to infect hundreds, even thousands, of machines before users realize what's up, or anti-virus companies can react with updated definition files."
Symantec Corp., which produces virus protection software, lists the virus as a Level 2 threat, its second highest. Unlike some Trojan horses, this one is not believed to be self-replicating.
Here's how the scam works:
The faux message, which contains a fake sending address of email@example.com, uses the subject line "Windows XP Service Pack 1 (Express)--Critical Update" to trick recipients into opening the attached file.
"Window [sic] Update has determined that you are running a beta version of Windows XP Service Pack 1 (SP1)," the message's text reads in part. "To help improve the stability of your computer, Microsoft recommends that you remove the beta version of Windows XP SP1 and re-install Windows XP SP1." The message goes on to urge the user to run the winxp_sp1.exe file attachment to re-install SP1, and recommends that anti-virus software be disabled, as it "may interfere with the installation."
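The lure described above combines three traits that a mail gateway can check: a claimed operating-system update, an executable attachment, and a request to turn off anti-virus software. The following Python sketch is an added example, not part of the original article; the indicator names, phrase lists, recipient address and sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment extensions that run directly on Windows (illustrative list).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")
# Phrases modelled on the subject and body quoted in the article.
UPDATE_CLAIMS = ("critical update", "service pack", "windows update")
AV_WORDS = ("anti-virus", "antivirus")

def lure_indicators(raw):
    """Return the list of lure traits found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content().lower() if part else ""
    hits = []
    # Trait 1: the message presents itself as an operating-system update.
    if any(p in subject or p in body for p in UPDATE_CLAIMS):
        hits.append("claims-os-update")
    # Trait 2: it carries a directly executable attachment.
    for att in msg.iter_attachments():
        name = (att.get_filename() or "").lower()
        if name.endswith(EXECUTABLE_EXTS):
            hits.append("executable-attachment:" + name)
    # Trait 3: it asks the reader to switch off anti-virus protection.
    if "disable" in body and any(w in body for w in AV_WORDS):
        hits.append("asks-to-disable-av")
    return hits

def constructed_sample():
    """Build a harmless stand-in for the message the article describes."""
    m = EmailMessage()
    m["From"] = "email@example.com"
    m["To"] = "user@example.org"  # constructed recipient
    m["Subject"] = "Windows XP Service Pack 1 (Express)--Critical Update"
    m.set_content(
        "Window Update has determined that you are running a beta version\n"
        "of Windows XP Service Pack 1 (SP1). Run the attached file to\n"
        "re-install SP1. Anti-virus software should be disabled, as it\n"
        "may interfere with the installation.\n"
    )
    # Placeholder bytes only; this is not an executable.
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename="winxp_sp1.exe")
    return m.as_bytes()

if __name__ == "__main__":
    for hit in lure_indicators(constructed_sample()):
        print(hit)
```

A message matching all three traits is a strong candidate for quarantine; any single trait alone, such as a mention of a service pack, is common in legitimate mail.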