
By Munir Kotadia
Posted on ZDNet News: Jan 12, 2004 5:48:00 PM

An e-mail disguised as a message from Microsoft's security team contains a dangerous Trojan horse called Xombe.

Xombe, also known as Trojan.Xombe, Downloader-GJ and Troj/Dloader-L, was being distributed on Friday. It poses as a critical update for the Windows XP operating system. When executed, it attempts to download a malicious backdoor component from the Web.




It appears to be an imitation of one of last year's most successful worms, the mass-mailed Swen, which also masqueraded as a security warning from Microsoft.

However, Xombe has yet to repeat the success of Swen. While Xombe failed to make the top 10 threats intercepted by e-mail security company MessageLabs on Monday morning, Swen was at No. 2, with some 7,000 instances captured in the past 24 hours.

Ken Dunham, malicious code intelligence manager at security company iDefense, said that the success of Swen has encouraged virus writers to create e-mails and Web sites that appear official in order to fool more people into executing malicious code.

The e-mail, which appears to have been sent from windowsupdate@microsoft.com, has the subject line "Windows XP Service Pack 1 (Express) - Critical Update" and directs users to execute the attachment, called winxp_sp1.exe, in order to fix some vulnerabilities in Microsoft's Internet Explorer, Outlook and Outlook Express.

Dunham said that once executed, the attachment downloads a file called msvchost.exe that alters the Windows Registry and opens certain ports in order to listen out for commands from a hacker.

Most antivirus companies have already updated their signatures, but users without up-to-date antivirus applications could be infected, helping the Trojan's author to take control of large numbers of PCs. Dunham said that once a "large army of zombie computers" has been built up, attackers could use them for serious crimes such as ID theft and banking fraud.

Microsoft was not immediately available to comment.

Although Xombe is only likely to be opened by Windows XP users, it affects Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT and Windows Server 2003 systems, as well as Windows XP, according to security company Symantec.

Munir Kotadia of ZDNet UK reported from London.
