General Discussions => Testing. 1, 2, 3... => Topic started by: Mysterious Benefactor on January 13, 2004, 07:00:48 AM

Title: Newest Trojan: Disguised To Do Damage
Post by: Mysterious Benefactor on January 13, 2004, 07:00:48 AM
Security experts warn that, thanks to its disguise, a new trojan horse program has the potential to infect a large number of computers quickly.

Read the story. (http://www.eweek.com/article2/0,4149,1429886,00.asp?kc=EWNWS011204DTX1K0000599)
Title: Re:Newest Trojan: Disguised To Do Damage
Post by: Josette on January 13, 2004, 08:01:25 AM
Wow!  After quite a long time without updates - the update icon appeared tonight with a whole bunch of seemingly critical files.  It's taking forever.  I think it's been a couple of hours and is just 85% complete now.  Fortunately I'm up late enough to finish it!!

So, when I read that, I got a bit worried!!  However, I didn't get an e-mail, this is the regular Windows Update that pops up on the taskbar, so I assume I'm safe!!!
Title: Re:Newest Trojan: Disguised To Do Damage
Post by: Mysterious Benefactor on January 15, 2004, 12:29:13 AM
"this is the regular Windows Update that pops up on the taskbar, so I assume I'm safe!!!"

Not necessarily. From what I've read today, the updates that Microsoft just made available deal with other issues in its software as well as the Blaster and Nachi worms. I don't believe they address the new Xombe/Downloader trojan horse.

This is some of the info from eWEEK's Web site's warning:

Xombe arrives in an e-mail from the address windowsupdate@microsoft.com with a subject line of "Windows XP Service Pack 1 (Express)-Critical Update." The attachment is named "winxp_sp1.exe." According to an analysis of the program done by Computer Associates International Inc., the body of the message reads:

"Window Update has determined that you are running a beta version of Windows XP Service Pack 1 (SP1). To help improve the stability of your computer, Microsoft recommends that you remove the beta version of Windows XP SP1 and re-install Windows XP SP1. If you cannot remove the beta version, you should still reinstall Windows XP SP1.

Windows XP SP1 provides the latest security, reliability, and performance updates to the Windows XP family of operating systems. Windows XP SP1 is designed to ensure Windows XP platform compatibility with newly released software and hardware, and includes updates to resolve issues discovered by customers or by Microsoft's internal testing team.

The maximum download size is approximately 3 MB, however, the size of the download and time required may be less for computers that have had updates previously installed.

To minimize the download time needed for installation, setup will only download those files which are required to bring your computer up to date. Windows XP SP1 includes Internet Explorer 6 SP1. Anti-virus software programs may interfere with the installation of Windows XP SP1. Please disable anti-virus software while installing the service pack.

Just run the file winxp_sp1.exe in attach and make sure to restart your PC after installation will be completed."

So, that's what anyone using Win2K or WinXP should be wary of should it show up in their mailbox.
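
The indicators quoted in the post above (sender address, subject line, attachment name, and the request to turn off anti-virus) can be checked mechanically by a mail filter. The following is an added example, not part of the original thread or the eWEEK article; the function names, the extra executable extensions and the sample messages are assumptions constructed for illustration, and it generalizes slightly by flagging any executable attachment and any request to disable anti-virus.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators quoted in the post above (eWEEK / Computer Associates description).
LURE_SENDER = "windowsupdate@microsoft.com"
LURE_SUBJECT = "windows xp service pack 1 (express)-critical update"
LURE_ATTACHMENT = "winxp_sp1.exe"
# Generalization (assumption): other executable extensions, any "disable anti-virus" request.
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat")
DISABLE_AV = re.compile(r"disable\s+anti-?virus", re.IGNORECASE)


def xombe_lure_findings(raw: bytes) -> list[str]:
    """Return the names of the lure indicators present in one RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    if LURE_SENDER in str(msg.get("From", "")).lower():
        findings.append("sender")
    if LURE_SUBJECT in str(msg.get("Subject", "")).lower():
        findings.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name == LURE_ATTACHMENT:
            findings.append("attachment-name")
        if name.endswith(EXECUTABLE_EXT):
            findings.append("executable-attachment")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and DISABLE_AV.search(body.get_content()):
        findings.append("asks-to-disable-antivirus")
    return findings


def build_sample(sender, subject, text, attachment=None) -> bytes:
    """Construct a test message; the attachment payload is harmless filler bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", subject
    m.set_content(text)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()


# Constructed samples: one shaped like the described lure, one ordinary message.
LURE = build_sample(LURE_SENDER, "Windows XP Service Pack 1 (Express)-Critical Update",
                    "Please disable anti-virus software while installing the service pack.",
                    LURE_ATTACHMENT)
BENIGN = build_sample("friend@example.com", "Lunch?", "See you at noon.")
```

A message that matches several findings at once is a much stronger signal than any single one, since the sender and subject are only text in the headers.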
Title: Re:Newest Trojan: Disguised To Do Damage
Post by: Josette on January 15, 2004, 06:00:03 AM
I didn't mean that I was necessarily safe from getting this trojan, but since I was already downloading an update, for a moment I wondered if it was the bad program.  But, since it was the "regular" update and not something I was directed to by an e-mail, I figured it was safe to have downloaded it.

Meanwhile, there were still more updates last night!!  At that point it was too late, so I told it to remind me the next day.
Title: Re:Newest Trojan: Disguised To Do Damage
Post by: Patti Feinberg on January 15, 2004, 01:09:43 PM
Josette, do you know why there's so many updates???

I have it on mine too; but I'm never sure/never have the time....


What does it update?
Title: Re:Newest Trojan: Disguised To Do Damage
Post by: Josette on January 16, 2004, 05:59:53 AM
Patti, I don't really know!  When one clicks on the update icon, they list the various items and explain what they do.  Usually they say that someone could access files on your computer, etc.  It always sounds terrible, so I'd be afraid not to get them!

The group the other night was huge.  There were at least 5 items and it took forever.  As soon as I finished posting the last item, it was midnight, and my reminder for the additional ones came!  I think there were just 2 that time and it didn't take tooooo long.

Tonight there was another one!!  This time it mentioned the problem coming in an e-mail and possibly taking one to a "false" site, so I'm guessing that it might be addressing the problem from this trojan that MB told us about.