A new Trojan has emerged that preys off people's fears about the Blaster worm.
Graybird-A is a backdoor Trojan, which travels by e-mail, and purports to be an update to protect against the worm. If installed, it could allow outsiders access to infected systems, antivirus software vendor Sophos said in an advisory.
Normally, Graybird wouldn't likely garner much attention (or be particularly successful), but Blaster fears could make users fall prey since they're being bombarded with warnings about patching their systems.
Microsoft has had to take its patch download page down because the worm is set to launch a distributed denial-of-service attack on it on Aug. 16. The necessary patches are easy enough to find. There are multiple links to them on Microsoft's home page.
Experts always advise computer users to never install what purport to be patches attached to e-mails.
"Never trust unsolicited executable code that arrives via e-mail," said Chris Belthoff, senior security analyst at Sophos, Inc., in a statement. "Businesses should consider blocking all executable code at the e-mail gateway so it cannot reach their users."
The message carrying Graybird arrives looking like this:
Subject line: updated
Message text: Dear customer:
At 11:34 A.M. Pacific Time on August 13, Microsoft began investigating a worm reported by Microsoft Product Support Services (PSS). A new worm commonly known as W32.Blaster.Worm
Download the attached update program. To begin the download process, do one of the following:
To download the attached program to your computer for installation at a later time, click Save or Save this program to disk.then run it. If you have any problem, connect to us immediately.
Attached file: 03-26updated.exe
This is not the first time that a malware maker tapped fears about worms to get people to install malicious code. In March, W32/Gibe-A arrived as an attached executable to what appears to be an official Microsoft alert e-mail.
FOR MORE INFORMATION: