Security companies are warning Internet users about a new Trojan horse
program spreading via spam e-mail and masquerading as a Windows XP
software update from Microsoft Corp.
The program, known as Xombe or Dloader-L, arrives as an executable
attachment in spam e-mail messages purporting to come from
windows update @ microsoft.com and installs itself on victim's computers
when users open the attachment.
Once installed, Xombe connects to a Web site, then downloads and
installs another program, called Mssvc-A, which is a Trojan horse
program that conscripts victim computers in distributed
denial-of-service attacks against Web pages, according to antivirus
company Sophos PLC.
Xombe is considered a low risk by most antivirus companies, including
Sophos, Computer Associates International Inc. and Symantec Corp. The
program is not a worm or virus and can't make copies of itself.
Instead, it is distributed via spam.
The spam messages read in part, "Window Update has determined
that you are running a beta version of Windows XP Service Pack 2. To
help improve the stability of your computer, Microsoft recommends that
you remove the beta version of Windows XP SP1."
Recipients are told to "run the file winxp_sp1.exe in attach [sic] and
make sure to restart your PC after installation," according to CA,
Sophos and others.
Sophos said it has received several reports of the Xombe Trojan
program from customers.
Antivirus companies offered updated virus definitions to spot Xombe
today and provided instructions on removing Trojan programs from
infected computers.
Microsoft frequently distributes security bulletins using e-mail but
never includes software updates as attachments, according to the
company's Web site.
Most Microsoft software updates are made available through the Windows
Update, Microsoft Office Update or the Microsoft Download Center, the
company said.
© 2008; SpywareUninstaller.com Group Project; All Rights Reserved.