Free Republic
News/Activism

Trojan Poses as Windows XP Update - File arrives in an attachment purported to be from Microsoft.
PCWorld ^ | Friday, January 09, 2004 | Paul Roberts, IDG News Service

Posted on 01/09/2004 9:28:25 PM PST by Ernest_at_the_Beach

Security companies are warning Internet users about a new Trojan horse program spreading via spam e-mail and masquerading as a Windows XP software update from Microsoft.

  
The program, known as "Xombe" or "Dloader-L," arrives as an executable attachment in spam e-mail messages purporting to come from windowsupdate@microsoft.com and installs itself on victims' computers when users open the attachment.

Once installed, Xombe connects to a Web site, then downloads and installs another program, called Mssvc-A, which is a Trojan horse program that conscripts victim computers in distributed denial of service attacks against Web pages, according to antivirus company Sophos.

Low Risk
Xombe is considered a low risk by most antivirus companies, including Sophos, Computer Associates International, and Symantec. The program is not a worm or virus and cannot make copies of itself. Instead, it is distributed using spam e-mail messages.

Those messages read, in part, "Window [sic] Update has determined that you are running a beta version of Windows XP Service Pack 2 (SP1). To help improve the stability of your computer, Microsoft recommends that you remove the beta version of Windows XP SP1."

Recipients are told to "run the file winxp_sp1.exe in attach [sic] and make sure to restart your PC after installation," according to CA, Sophos, and others.

Sophos says it has received several reports of the Xombe Trojan program from customers.

Updates Available
Antivirus companies are offering updated virus definitions to spot Xombe and are providing instructions on removing Trojan programs from infected computers.

Microsoft frequently distributes security bulletins using e-mail, but never includes software updates as attachments, according to the company's Web site.

Most Microsoft software updates are made available through the Windows Update, Microsoft Office Update, or the Microsoft Download Center, the company says.

 


TOPICS: News/Current Events; Technical
KEYWORDS: computersecurity; trojanvirus; windowsxp
Be careful with all the spam coming at you!
1 posted on 01/09/2004 9:28:26 PM PST by Ernest_at_the_Beach
[ Post Reply | Private Reply | View Replies]
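
Added example (not part of the PCWorld article or of this thread): a mail-filter check for the pattern the article describes, a message claiming to come from microsoft.com that carries an executable attachment. The sample message is constructed; its Subject and Return-Path values, the extension list and the vendor list are assumptions.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions Windows runs directly on double-click (assumed, non-exhaustive list).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js")
# Assumption: vendors that, per the article, never mail updates as attachments.
NO_ATTACHMENT_VENDORS = ("microsoft.com",)

def domain_of(header_value):
    """Return the lowercased domain of the address in a From/Return-Path header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def in_domain(dom, parent):
    return dom == parent or dom.endswith("." + parent)

def assess(raw_bytes):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    from_dom = domain_of(msg["From"])
    rp_dom = domain_of(msg["Return-Path"])
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    # Trailing dots/spaces are stripped: Windows ignores them when opening a file.
    exe_names = [n for n in names if n.lower().rstrip(". ").endswith(EXECUTABLE_EXTS)]
    claims_vendor = any(in_domain(from_dom, v) for v in NO_ATTACHMENT_VENDORS)
    findings = []
    if exe_names:
        findings.append("executable-attachment:" + ",".join(exe_names))
    if claims_vendor and exe_names:
        findings.append("vendor-update-as-attachment:" + from_dom)
    # The From header is trivially forged; the envelope sender often differs.
    if claims_vendor and rp_dom and not in_domain(rp_dom, from_dom):
        findings.append("from-returnpath-mismatch:" + rp_dom)
    return findings

def build_sample():
    """Constructed message modelled on the article's description."""
    m = EmailMessage()
    m["From"] = "Windows Update <windowsupdate@microsoft.com>"
    m["Return-Path"] = "<bulk@mailer.example.net>"   # constructed value
    m["To"] = "user@example.org"
    m["Subject"] = "Windows XP update"               # constructed value
    m.set_content("run the file winxp_sp1.exe in attach")
    m.add_attachment(b"MZ constructed placeholder", maintype="application",
                     subtype="octet-stream", filename="winxp_sp1.exe")
    return m.as_bytes()

if __name__ == "__main__":
    print(assess(build_sample()))
```

A gateway would quarantine on the second finding alone, since the From header proves nothing about the real sender.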

To: Ernest_at_the_Beach
I'm still trying to get rid of something called "tooncomics" and "solongas" that even my daily-updated Symantec can't help me to get rid of or find. And I've followed their precise instructions twice. Windows XP customers should get a class action going for this swiss-cheese system.

I'm concerned about opening ANY email, even from friends and relatives.
3 posted on 01/09/2004 9:38:54 PM PST by laweeks (I)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ernest_at_the_Beach; All
Never, never, NEVER open unsolicited email attachments! Even if it appears to come from a known source or is your brother's email addy.

My brother's email got infected and mailed me a worm. Luckily I have Norton and it was on that email in a nanosecond.

Of course I've seen the "attachment" emails several times. I always forward the info to the legitimate site being spoofed.

Be careful -- if in doubt, delete WITHOUT opening!
4 posted on 01/09/2004 9:39:24 PM PST by petuniasevan (Backspackle: Markings on the back of one's shirt from riding a fenderless bicycle.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: laweeks
Find a good anti-spyware program to remove them for you. A lot of these nasty little spywarez have (often hidden) files all over in your program files and other sensitive locales. One anti-spyware program I have tried and got good results with is Ad-Aware.

http://www.lavasoft.de/software/adaware/
5 posted on 01/09/2004 9:47:52 PM PST by petuniasevan (Backspackle: Markings on the back of one's shirt from riding a fenderless bicycle.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: laweeks
Do you have Norton?

I haven't heard of "tooncomics" and "solongas".

Found this with Google's help:

ComputerCops forum

6 posted on 01/09/2004 9:48:23 PM PST by Ernest_at_the_Beach (Davis is now out of Arnoold's Office , Bout Time!!!!)
[ Post Reply | Private Reply | To 3 | View Replies]

To: laweeks; petuniasevan
Their Home page:

ComputerCops

7 posted on 01/09/2004 9:51:08 PM PST by Ernest_at_the_Beach (Davis is now out of Arnoold's Office , Bout Time!!!!)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Ernest_at_the_Beach

8 posted on 01/09/2004 9:52:10 PM PST by Paleo Conservative (Do not remove this tag under penalty of law.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ernest_at_the_Beach
Of course there is a solution for all this but simple self-preservation forbids me to say what it is. But you all know - as a recent article said it so well - the problem is a combination of the Stockholm syndrome and cognitive dissonance.
9 posted on 01/09/2004 9:59:42 PM PST by drjoe
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ernest_at_the_Beach
This particular virus is news, but the pattern of attack isn't news. My day of spam is not complete without at least half a dozen large binary "system updates" from "Microsoft."
10 posted on 01/09/2004 10:25:02 PM PST by The Red Zone
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ernest_at_the_Beach
Hardly "breaking" or "news". I've been receiving a couple of these a week for a few months now.

But yes, be careful. Don't open unsolicited attachments without verifying from the sender what they are.
11 posted on 01/09/2004 11:13:02 PM PST by RightOnTheLeftCoast
[ Post Reply | Private Reply | To 1 | View Replies]

To: laweeks
Windows XP customers should get a class action going for this swiss-cheese system.

That's why I haven't upgraded since Win98SE; I was on the beta list for ME, 2000, and XP - every one of them junk from a security standpoint. XP is more "stable" than 98 - but it is far too vulnerable to penetration/exploitation.

12 posted on 01/09/2004 11:39:22 PM PST by clee1 (Where's the beef???)
[ Post Reply | Private Reply | To 3 | View Replies]

To: clee1
That's why I haven't upgraded since Win98SE;

98SE is excellent, it's given me few problems over the years and is not a resource hog. They stopped servicing it this month but I don't care; I'll be using it 20 years from now.

13 posted on 01/09/2004 11:51:13 PM PST by Reaganwuzthebest
[ Post Reply | Private Reply | To 12 | View Replies]

To: laweeks
Got the tooncomics from somewhere on the web.

I think I got rid of it, but am not positive even though virus scanners turn up nothing. I will have to run some online ones again just to make double sure, since as far as I know, viruses can't trick online scanners.
14 posted on 01/09/2004 11:57:23 PM PST by rwfromkansas ("Men stumble over the truth, but most pick themselves up as if nothing had happened." Churchill)
[ Post Reply | Private Reply | To 3 | View Replies]

To: laweeks
Spybot Search and Destroy FREE

http://www.safer-networking.org/
15 posted on 01/09/2004 11:58:49 PM PST by philetus (Keep doing what you always do and you'll keep getting what you always get)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Reaganwuzthebest
I have been around computers since the TRS-80 days - I've seen OS's and/or application packages come and go...

XP and its vulnerabilities rank right at the bottom of the list; along with DOS 5.0, Windows 3.0, OS/2 Warp, and Wordstar.
16 posted on 01/10/2004 12:32:38 AM PST by clee1 (Where's the beef???)
[ Post Reply | Private Reply | To 13 | View Replies]

To: Ernest_at_the_Beach
bttt
17 posted on 01/10/2004 12:36:16 AM PST by cgk (Lieberman: "Howard Dean has climbed into his own spider hole of denial")
[ Post Reply | Private Reply | To 1 | View Replies]

To: clee1
XP and its vulnerabilities rank right at the bottom of the list; along with DOS 5.0, Windows 3.0, OS/2 Warp, and Wordstar.

I love my Linux

18 posted on 01/10/2004 12:41:58 AM PST by Radioactive
[ Post Reply | Private Reply | To 16 | View Replies]

To: Ernest_at_the_Beach
At this point, couldn't we just conclude that anyone who falls for this deserves to be infected? I mean, really. How many times have we had e-mail viruses now and how many times have people been told never to open an .exe file that comes as an attachment unless you are sure of the sender? And how many times have we been warned about spoof e-mails that look like they come from banks, e-bay, PayPal and countless others? And, finally, has anyone ever been contacted by Microsoft regarding a security problem, ever? They always make you go find *them* to download any upgrades or solutions. Ok, I'm done ranting but this is the sort of stuff that can only snare the painfully unaware.
19 posted on 01/10/2004 12:48:15 AM PST by Tall_Texan (Happy 2004 - the year we put Republicanism into overdrive.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Radioactive
Did I mention that I'm a Unix admin by profession?

My Redhat 8.0 system is my predominantly-used one.

Windows is for games, wordprocessing, and graphics editing.
20 posted on 01/10/2004 12:53:39 AM PST by clee1 (Where's the beef???)
[ Post Reply | Private Reply | To 18 | View Replies]

