Sophos, a world leader in anti-virus and anti-spam protection
for businesses, has warned that a new Trojan is being sent to users
disguised as an email appearing to come from Microsoft.
The Trojan, known as Troj/Dloader-L,
pretends to come from windowsupdate@microsoft.com with the subject
line "Windows XP Service Pack 1 (Express) - Critical Update". It
contains a long, official-looking message body, claiming that an
unstable application has been detected and that the attached file
should be run in order to replace it.
If the attached file, a Trojan called winxp_sp1.exe, is
launched, it downloads another Trojan, called Troj/Mssvc-A, which is a
remotely configurable distributed denial-of-service Trojan. This
means that once the Mssvc-A Trojan has been installed, the computer
can be controlled by a third party to attack websites whenever it
is connected to the internet, all without the owner's
knowledge.
"We have seen quite a few recent infectors that purport to come
from Microsoft," said Carole Theriault, security consultant for
Sophos. "The Dumaru and Gibe worms, both
mass-mailers that made the top ten viruses reported to Sophos
during 2003, managed to fool many innocent computer users into
believing they were official communications that should be
trusted."
Sophos recommends that companies consider blocking all programs
at their email gateway. It is rarely necessary to allow users to
receive programs via email from the outside world. There is so
little to lose, and so much to gain simply by blocking all emailed
programs, regardless of whether they contain viruses or not.
"Best practice for business should include automatic blocking of
all executable code at the email gateway," continued Theriault.
"Reputable companies do not send out files in this way, and users
should think twice before they click on unsolicited email
messages."
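
The following sketch shows one way a gateway filter could apply the block-all-programs policy recommended above. It is an added example, not Sophos code: the extension list, function names and sample message are assumptions made for illustration, and the attachment payload is an inert constructed stub.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed extension list for illustration; a production policy would be longer.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}


def blocked_attachments(raw: bytes):
    """Return (filename, reason) for each MIME part a block-all-programs policy rejects."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").strip().lower()
        payload = part.get_payload(decode=True) or b""
        if any(name.endswith(ext) for ext in BLOCKED_EXTENSIONS):
            hits.append((name, "blocked extension"))
        elif payload[:2] == b"MZ":
            # DOS/PE header magic: a Windows program whatever the filename claims.
            hits.append((name or "(unnamed)", "executable header"))
    return hits


def build_sample(filename: str, data: bytes) -> bytes:
    """Constructed message shaped like the one described above (recipient is made up)."""
    m = EmailMessage()
    m["From"] = "windowsupdate@microsoft.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Windows XP Service Pack 1 (Express) - Critical Update"
    m.set_content("An unstable application has been detected.")
    m.add_attachment(data, maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()


# Constructed stub: header magic followed by zero bytes, not a runnable program.
INERT_STUB = b"MZ" + b"\x00" * 62

if __name__ == "__main__":
    samples = [("winxp_sp1.exe", INERT_STUB),   # name alone triggers the block
               ("readme.txt", INERT_STUB),      # renamed program, caught by header
               ("notes.txt", b"meeting at 10")] # ordinary attachment, allowed
    for fname, data in samples:
        print(fname, blocked_attachments(build_sample(fname, data)))
```

The filter never consults the From header, since the sender address is exactly what this kind of message forges; the decision rests on the attachment alone.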