New Trojan horse disguised as Blaster worm fix - "Cheap confidence trick", says Sophos

Sophos Press Release

Sophos has today updated its anti-virus software to protect against the new Graybird Trojan. Sophos's virus lab has seen an example of the backdoor Trojan horse, which is being deliberately distributed, disguised as a patch for the Microsoft Windows vulnerability, infamously exploited by the currently spreading Blaster worm.

Sophos advises users never to trust security patches that come attached to emails - even if they appear to come from reputable sources. The correct place to download a patch from is the vendor's website. In addition, under no circumstances should users forward this type of message to their friends and colleagues, thinking they are helping them. In the case of patching against the Blaster worm vulnerability, users should visit Microsoft's website at

"Packaging Graybird as a Microsoft patch is a very devious trick. Blaster is believed to have infected hundreds of thousands of computers around the world, and this is a deliberate attempt to exploit users' panic," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "Never trust unsolicited executable code that arrives via email. Businesses should consider blocking all executable code at the email gateway so it cannot reach their users."

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at