Sophos has today updated its anti-virus software to protect
against the new Graybird Trojan.
Sophos's virus lab has seen an example of the backdoor Trojan
horse, which is being deliberately distributed, disguised as a
patch for the Microsoft Windows vulnerability, infamously exploited
by the currently spreading Blaster worm.
Sophos advises users never to trust security patches that come
attached to emails - even if they appear to come from reputable
sources. The correct place to download a patch from is the vendor's
website. In addition, under no circumstances should users forward
this type of message to their friends and colleagues, thinking they
are helping them. In the case of patching against the Blaster worm
vulnerability, users should visit Microsoft's website at windowsupdate.microsoft.com.
"Packaging Graybird as a Microsoft patch is a very devious
trick. Blaster is believed to have infected hundreds of thousands
of computers around the world, and this is a deliberate attempt to
exploit users' panic," said Graham Cluley, senior technology
consultant for Sophos Anti-Virus. "Never trust unsolicited
executable code that arrives via email. Businesses should consider
blocking all executable code at the email gateway so it cannot
reach their users."