Trojan Poses As Plug And Play Patch - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

Trojan Poses As Plug And Play Patch

A Trojan horse not connected to the Zotob blitz on vulnerable Windows 2000 PCs appears to be taking advantage of the scare by posing as a patch against the Microsoft bug.

A Trojan horse not connected to last week's Zotob blitz on vulnerable Windows 2000 PCs is nevertheless taking advantage of the scare, security researchers said Friday, by posing as a patch against the Microsoft bug.

A new variant of the Downloader Trojan presents itself as a patch for the vulnerability outlined in the MS05-039 bulletin Microsoft released earlier in August. That vulnerability was used by Zotob just days later to attack Windows 2000 machines, and may be used in the near future to break into some Windows XP systems.

"This is a new way of exploiting the Plug and Play vulnerability, in this case by making use of social engineering, a strategy already used to trigger significant epidemics in the past as it aims to trick users into running the file received," said Luis Corrons, the director of anti-virus vendor Panda Software's research arm, in a statement.

Like other bogus patch messages, the one bearing the Downloader.ejd Trojan spoofs the sending address -- in its case, "[email protected]" -- and uses the subject heading of "What You Need to Know About the Zotob.a Worm" to trick users into opening the file attachment.

That attached file is named "MS05-039.exe," which matches the Microsoft security bulletin, and so gives some credence that it may be legitimate.

If Downloader.ejd is installed, it tries to disable security applications, then downloads a file called "test.exe" which in turn contains another Trojan, "Agent.aii," that adds a keylogger to the PC. The keylogger tries to steal information sent through Web sites that include terms such as "pay," "e-gold" and "goldmoney."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Slideshows
7 Technologies You Need to Know for Artificial Intelligence
Jessica Davis, Senior Editor, Enterprise Apps,  7/1/2019
Commentary
A Practical Guide to DevOps: It's Not that Scary
Cathleen Gagne, Managing Editor, InformationWeek,  7/5/2019
Commentary
Diversity in IT: The Business and Moral Reasons
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  6/20/2019
Register for InformationWeek Newsletters
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll