15 Aug 2003
New Trojan horse disguised as Blaster worm fix - "Cheap confidence trick", says Sophos
Sophos has today updated its anti-virus software to protect
against the new Graybird Trojan.
Sophos's virus lab has seen an example of the backdoor Trojan
horse, which is being deliberately distributed, disguised as a
patch for the Microsoft Windows vulnerability, infamously exploited
by the currently spreading Blaster worm.
Sophos advises users never to trust security patches that come
attached to emails - even if they appear to come from reputable
sources. The correct place to download a patch from is the vendor's
website. In addition, under no circumstances should users forward
this type of message to their friends and colleagues, thinking they
are helping them. In the case of patching against the Blaster worm
vulnerability, users should visit Microsoft's website at windowsupdate.microsoft.com.
"Packaging Graybird as a Microsoft patch is a very devious
trick. Blaster is believed to have infected hundreds of thousands
of computers around the world, and this is a deliberate attempt to
exploit users' panic," said Graham Cluley, senior technology
consultant for Sophos Anti-Virus. "Never trust unsolicited
executable code that arrives via email. Businesses should consider
blocking all executable code at the email gateway so it cannot
reach their users."
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.