Our system detected that your browser is blocking advertisements on our site. Please help support Fans Focus by disabling any kind of ad blocker while browsing this site. Thank you.
Jump to content

Another Virus - X/P users !


Recommended Posts

I received this notification this afternoon and reproduce it, as received.

 

________________________

 

[color:"red"] A Trojan horse virus targeting users of Microsoft's latest

operating system, Windows XP, was sent by spammers this week.

Experts said the program, known as Trojan.Xombe could be used

to steal passwords or be used in conjunction with other systems to

conduct denial-of-service attacks that can cripple websites and networks.

In Detroit, television station WDIV reported that the Wayne County

Sheriff's Internet Crime Unit alerted computer users to the virus.

PERSONAL VIRUS PROTECTION

Xombe information

Free Microsoft MS03-039 Patch

Free Microsoft Blaster Patch

SoBig.F Removal Tool

Blaster Removal Tool

Download Virus Definitions

Other Virus Removal Tools

Securities Update Vault

REMEMBER: Don't open e-mail attachments that end in .vbs, .pif or

other unfamiliar extensions. Even if the e-mail appears to come from

a trusted source, it could be someone "spoofing" an address. Confirm

it's from who you think it's from before you open.

Sheriff Warren Evans said that Xombe was first detected Sunday. It

could mean that someone shopping on any online retail or banking

site unknowingly would be transferring his or her private information

to the person who sent the bogus e-mail.

"Our investigators are always on the lookout for the latest scams and

have learned that this Trojan horse was spammed out to a large number

of computers overnight," said Evans. "By using this approach, attackers

hope to infect hundreds, even thousands, of machines before users

realize what's up, or anti-virus companies can react with updated definition

files. "

The Symantec Corp, which produces virus protection software, lists

the virus as a Level 2 threat, its second highest. Unlike some Trojan

horses, this one is not believed to be self-replicating.

Here's how the scam works:

The faux message, which contains a fake sending address of

windowsupdate@microsoft.com , uses the subject line "Windows XP

Service Pack 1 (Express)--Critical Update" to trick recipients into opening

the attached file.

"Window [sic] Update has determined that you are running a beta version

of Windows XP Service Pack 1 (SP1)," the message's text reads in part.

"To help improve the stability of your computer, Microsoft recommends that

you remove the beta version of Windows XP SP1 and re-install Windows

XP SP1." The message goes on to urge the user to run the winxp_sp1.exe

file attachment to re-install SP1, and recommends that anti-virus software

be disabled, as it "may interfere with the installation."

More info on Xombe here, from Norton's site.

http://securityresponse.symantec.com/avcenter/venc/data/trojan.xombe.html

Trojan.Xombe is a Trojan horse that has at least two components: a 4,096 byte downloader and a 27,136 byte Trojan. The downloader component will retrieve the Trojan file from a predetermined Web site.

The download component has been distributed in an unsolicited email, purporting to be a security update for Windows XP, sent by Microsoft.

The email has the following characteristics:

From: windowsupdate@microsoft.com

Subject: Windows XP Service Pack 1 (Express) - Critical Update.

Attachment: winxp_sp1.exe(4,096 KB)

----------

Be aware that Norton's automatic virus definition for this Trojan won't be available till tomorrow. Make sure you carry out an update of your virus checker tomorrow. So, never open attachments that seem to come from Microsoft - Microsoft *never* send out attachments anyway... All Critical Updates are *always* done online via the Windows Update site. [color:"black"]

 

J.R.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...