Trojan Poses As Plug And Play Patch - InformationWeek
IoT
IoT
News
News
8/26/2005
01:20 PM
50%
50%
RELATED EVENTS
Adopting Cloud the Right Way
Jun 14, 2017
Adopting a cloud mindset isn't about IT relinquishing all control and just approving invoices. It' ...Read More>>

Trojan Poses As Plug And Play Patch

A Trojan horse not connected to the Zotob blitz on vulnerable Windows 2000 PCs appears to be taking advantage of the scare by posing as a patch against the Microsoft bug.

A Trojan horse not connected to last week's Zotob blitz on vulnerable Windows 2000 PCs is nevertheless taking advantage of the scare, security researchers said Friday, by posing as a patch against the Microsoft bug.

A new variant of the Downloader Trojan presents itself as a patch for the vulnerability outlined in the MS05-039 bulletin Microsoft released earlier in August. That vulnerability was used by Zotob just days later to attack Windows 2000 machines, and may be used in the near future to break into some Windows XP systems.

"This is a new way of exploiting the Plug and Play vulnerability, in this case by making use of social engineering, a strategy already used to trigger significant epidemics in the past as it aims to trick users into running the file received," said Luis Corrons, the director of anti-virus vendor Panda Software's research arm, in a statement.

Like other bogus patch messages, the one bearing the Downloader.ejd Trojan spoofs the sending address -- in its case, "update@microsoft.com" -- and uses the subject heading of "What You Need to Know About the Zotob.a Worm" to trick users into opening the file attachment.

That attached file is named "MS05-039.exe," which matches the Microsoft security bulletin, and so gives some credence that it may be legitimate.

If Downloader.ejd is installed, it tries to disable security applications, then downloads a file called "test.exe" which in turn contains another Trojan, "Agent.aii," that adds a keylogger to the PC. The keylogger tries to steal information sent through Web sites that include terms such as "pay," "e-gold" and "goldmoney."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of Data and Analytics
Today's companies are differentiating themselves using data analytics, but the journey requires adjustments to people, processes, technology, and culture. 
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll