New malware masquerades as Microsoft update

  • By William Jackson
  • Jan 09, 2004
A Trojan horse program that appears to be a Microsoft Corp. security update can download malicious code from a remote Web site and install a back door on the compromised computer, leaving it vulnerable to remote control.

IDefense Inc., a Reston, Va., computer security company, said the malicious code is the latest example of so-called social engineering to fool Windows users. It is similar to the W32Swen worm, which last year passed itself off as a Microsoft patch.

'The success of Swen in 2003 encouraged virus writers to put effort into creating official-looking e-mails and Web sites,' said Ken Dunham, director of malicious code for iDefense.

The Trojan arrives as an attachment to an e-mail that appears to be from [email protected] The subject line says, 'Windows XP Service Pack (Express)'Critical Update.'

The message describes the attachment, WinxpSp1.A, as a cumulative patch that corrects security flaws in versions of Microsoft Internet Explorer, Outlook and Outlook Express. It downloads an executable file that will open a TCP port to listen for remote commands from the attacker.

About the Author

William Jackson is a Maryland-based freelance writer.

Featured

  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected