New malware masquerades as Microsoft update

A Trojan horse program that appears to be a Microsoft Corp. security update can download malicious code from a remote Web site and install a back door on the compromised computer, leaving it vulnerable to remote control.

IDefense Inc., a Reston, Va., computer security company, said the malicious code is the latest example of so-called social engineering to fool Windows users. It is similar to the W32Swen worm, which last year passed itself off as a Microsoft patch.

'The success of Swen in 2003 encouraged virus writers to put effort into creating official-looking e-mails and Web sites,' said Ken Dunham, director of malicious code for iDefense.

The Trojan arrives as an attachment to an e-mail that appears to be from [email protected]. The subject line says, 'Windows XP Service Pack (Express) - Critical Update.'

The message describes the attachment, WinxpSp1.A, as a cumulative patch that corrects security flaws in versions of Microsoft Internet Explorer, Outlook and Outlook Express. The attachment downloads an executable file that will open a TCP port to listen for remote commands from the attacker.

About the Author

William Jackson is a Maryland-based freelance writer.

