Trojan preying on Blaster hits inboxes

Edward Hurley, SearchSecurity.com News Writer

A new Trojan has emerged that preys on people's fears about the Blaster worm.

Graybird-A is a backdoor Trojan that travels by e-mail and purports to be an update to protect against the worm. If installed, it could allow outsiders access to infected systems, antivirus software vendor Sophos said in an advisory.

Normally, Graybird wouldn't likely garner much attention (or be particularly successful), but Blaster fears could make users fall prey since they're being bombarded with warnings about patching their systems.

Microsoft has had to take its patch download page down because the worm is set to launch a distributed denial-of-service attack on it on Aug. 16. The necessary patches are easy enough to find. There are multiple links to them on Microsoft's home page.

Experts always advise computer users never to install purported patches that arrive as e-mail attachments.

"Never trust unsolicited executable code that arrives via e-mail," said Chris Belthoff, senior security analyst at Sophos, Inc., in a statement. "Businesses should consider blocking all executable code at the e-mail gateway so it cannot reach their users."

The message carrying Graybird arrives looking like this:

Subject line: updated

Message text: Dear customer:

At 11:34 A.M. Pacific Time on August 13, Microsoft began investigating a worm reported by Microsoft Product Support Services (PSS). A new worm commonly known as W32.Blaster.Worm has been identified that exploits the vulnerability that was addressed by Microsoft Security Bulletin MS03-026.

Download the attached update program. To begin the download process, do one of the following:

To download the attached program to your computer for installation at a later time, click Save or Save this program to disk.then run it. If you have any problem, connect to us immediately.

Attached file: 03-26updated.exe

This is not the first time that a malware maker tapped fears about worms to get people to install malicious code. In March, W32/Gibe-A arrived as an attached executable to what appears to be an official Microsoft alert e-mail.
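
The gateway blocking that Belthoff recommends can be sketched as an attachment check that looks at both the file name and the first bytes of the content. This is an added example, not code from Sophos or the article; the extension list, the addresses and the payload bytes are constructed, and only the subject line and attachment name come from the message quoted above.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Assumed block list for illustration; a real gateway policy would be broader.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}
MZ_MAGIC = b"MZ"  # first two bytes of a DOS/Windows executable


def executable_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each MIME part that looks executable."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name)[1].lower()
        if ext in BLOCKED_EXTENSIONS:
            findings.append((name, "blocked extension"))
        elif payload.startswith(MZ_MAGIC):
            # Catches an executable renamed to an innocuous extension.
            findings.append((name or "(unnamed)", "MZ header"))
    return findings


def build_sample(filename: str, payload: bytes) -> bytes:
    """Construct a test message shaped like the lure described above."""
    m = EmailMessage()
    m["Subject"] = "updated"
    m["From"] = "sender@example.invalid"     # constructed address
    m["To"] = "recipient@example.invalid"    # constructed address
    m.set_content("Dear customer: Download the attached update program.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    fake_exe = MZ_MAGIC + b"\x00" * 62       # constructed, inert bytes
    for fname, data in [("03-26updated.exe", fake_exe),
                        ("update.txt", fake_exe),
                        ("notes.txt", b"plain text")]:
        hits = executable_attachments(build_sample(fname, data))
        print(fname, "->", "QUARANTINE" if hits else "deliver", hits)
```

The content check matters because a file name is chosen by the sender, so a filter that trusts the extension alone passes a renamed executable.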
