Trojan preying on Blaster hits inboxes

Graybird-A disguises itself as an update protecting against the worm. In reality, it could let attackers access your system.

A new Trojan has emerged that preys off people's fears about the Blaster worm.

Graybird-A is a backdoor Trojan, which travels by e-mail, and purports to be an update to protect against the worm. If installed, it could allow outsiders access to infected systems, antivirus software vendor Sophos said in an advisory.

Normally, Graybird wouldn't likely garner much attention (or be particularly successful), but Blaster fears could make users fall prey since they're being bombarded with warnings about patching their systems.

Microsoft has had to take its patch download page down because the worm is set to launch a distributed denial-of-service attack on it on Aug. 16. The necessary patches are easy enough to find. There are multiple links to them on Microsoft's home page.

Experts always advise computer users to never install what purport to be patches attached to e-mails.

"Never trust unsolicited executable code that arrives via e-mail," said Chris Belthoff, senior security analyst at Sophos, Inc., in a statement. "Businesses should consider blocking all executable code at the e-mail gateway so it cannot reach their users."

The message carrying Graybird arrives looking like this:

Subject line: updated

Message text: Dear customer:

At 11:34 A.M. Pacific Time on August 13, Microsoft began investigating a worm reported by Microsoft Product Support Services (PSS). A new worm commonly known as W32.Blaster.Worm has been identified that exploits the vulnerability that was addressed by Microsoft Security Bulletin MS03-026.

Download the attached update program. To begin the download process, do one of the following:

To download the attached program to your computer for installation at a later time, click Save or Save this program to disk.then run it. If you have any problem, connect to us immediately.

Attached file: 03-26updated.exe

This is not the first time that a malware maker tapped fears about worms to get people to install malicious code. In March, W32/Gibe-A arrived as an attached executable to what appears to be an official Microsoft alert e-mail.

FOR MORE INFORMATION:

Featured Topic on Blaster-A

Experts recommend Blaster fix

Microsoft security bulletin MS03-026

Dig deeper on Malware, Viruses, Trojans and Spyware

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close