Friday, August 26, 2005

Trojan Poses As Plug And Play Patch

Via TechWeb News.

A Trojan horse not connected to last week's Zotob blitz on vulnerable Windows 2000 PCs is nevertheless taking advantage of the scare, security researchers said Friday, by posing as a patch against the Microsoft bug.

A new variant of the Downloader Trojan presents itself as a patch for the vulnerability outlined in the MS05-039 bulletin Microsoft released earlier in August. That vulnerability was used by Zotob just days later to attack Windows 2000 machines, and may be used in the near future to break into some Windows XP systems.

"This is a new way of exploiting the Plug and Play vulnerability, in this case by making use of social engineering, a strategy already used to trigger significant epidemics in the past as it aims to trick users into running the file received," said Luis Corrons, the director of anti-virus vendor Panda Software's research arm, in a statement.

Like other bogus patch messages, the one bearing the Downloader.ejd Trojan spoofs the sending address -- in its case, "update@microsoft.com" -- and uses the subject heading of "What You Need to Know About the Zotob.a Worm" to trick users into opening the file attachment.

0 Comments:

Post a Comment

<< Home