Results 1 to 9 of 9

Thread: Warning :Do not patch your windows XP!

  1. #1

    Exclamation Warning :Do not patch your windows XP!

    I have receive number of email from Microsoft about patching my system, based of my experiences, I know it sounds fishy, because Microsoft will NEVER attached file in their email. So , I did a search and found something, please read. Since this is pretty critical, I will stick this topic for a week.

    Trojan Horse Poses As Windows XP Update



    By Gregg Keizer, TechWeb News

    A new Swen-style Trojan horse posing as a critical update from Microsoft has been detected on the Internet, and users who open the e-mail message may find their machines loaded with a back-door Trojan that can steal passwords or be used in conjunction with other systems to conduct major denial-of-service (DoS) attacks.
    Dubbed Trojan.Xombe (as in zombie) by most security firms, the Trojan shares some characteristics of the Swen worm family in that it masquerades as a message from Microsoft and purports to carry a security update in its file attachment. However, unlike Swen -- a worm which first appeared last September -- Trojan.Xombe doesn't self-replicate.

    "This Trojan was spammed out to a large number of computers overnight," said Ken Dunham, the director of malicious code at iDefense, a Reston, Va.-based security intelligence firm. By using spamming strategies, attackers hope to infect hundreds, even thousands, of machines before users realize what's up, or anti-virus companies can react with updated definition files.

    The faux message, which sports a spoofed sending address of windowsupdate@microsoft.com, uses the subject line 'Windows XP Service Pack 1 (Express) -- Critical Update' to trick recipients into opening the attached file.

    "Window [sic] Update has determined that you are running a beta version of Windows XP Service Pack 1 (SP1)," the message's text reads in part. "To help improve the stability of your computer, Microsoft recommends that you remove the beta version of Windows XP SP1 and re-install Windows XP SP1." The message goes on to urge the user to run the winxp_sp1.exe file attachment to re-install SP1, and recommends that anti-virus software be disabled, as it "may interfere with the installation."

    Lies. All lies.

    "The Trojan definitely downloads malicious code and installs it on the system," confirmed Dunham. By his analysis, Trojan.Xombe downloads a back-door IRC Trojan horse to the compromised machine. Once that's installed, attackers can access the PC undetected, add other code to the computer -- such as key trackers for acquiring passwords -- and use the machine to launch DoS attacks on other machines.

    Trojan.Xombe, and socially engineered attacks like it -- including phishing expeditions such as the MiMail worm, another exploit that pretends to be something it isn't in the hope that people will open the file attachment -- are the confirmation security professionals were looking for that 2004 will be a rough, rocky year.

    "Attackers use the social engineering trends of the moment," said Vincent Weaver, senior director of Symantec's security response center. Touting a security update is only natural for hackers, he added, what with the increased awareness of many computer users of ongoing security issues with Windows.

    Trojan.Xombe is also a good example of another trend first spotted in 2003, but certain to continue this year, said Dunham.

    "Trojans are being integrated into almost every piece of malicious code," he said. More than anything, hackers today want to amass an army of compromised machines -- typically called zombies -- that they can then use for other purposes.

    "A lot of people are worried about the next super worm," he said, "but that's not the real threat we'll see in 2004. The real threat is in Trojan horses. The goal of attackers is really about Trojans and remote control of other computers, for stealing passwords and targeted DoS attacks. It's not about fun and notoriety anymore. It's about money and power."

    Security firms, including Symantec, Network Associates, and Sophos, have posted alerts on their Web sites warning users of Trojan.Xombe, but disagree on the severity of the problem. Symantec, for instance, currently ranks the Trojan as a level '2' threat in its 1 through 5 rating system, while Network Associates tags Xombe with a 'low' threat assessment.

    The best defense against bogus e-mails carrying nasty payloads? "A lot of people see an e-mail and think that it's true," said Dunham. "But everything should be looked at with a degree of skepticism and concern, rather than trust."

    Symantec's Weafer also reminded users that Microsoft never delivers security updates via e-mail, and urged people to scan suspicious messages for tell-tale signs of a scam, such as misspelled words and awkward syntax, both of which are evident in the message loaded with Trojan.Xombe.


    http://www.networkingpipeline.com/se...cleId=17300256
    Last edited by ninelives; 17th January 2004 at 03:35 AM.
    Objection !!!

  2. #2

    Default

    All malicious fakes.

    In general, never run any executable, VB Scripts, or batch files in your email.

    In fact, even when I get one of those "jokes" emails from a known email, such as from friends and colleagues with a supposedly humourous attachment, I just delete them. I can stand to miss a couple of jokes, but I can't risk a trojan or worm attack.

    You should also make your Outlook or Outlook Express zone as a untrusted zone, and set its security way up.

  3. #3
    Senior Member
    Join Date
    Feb 2002
    Location
    Perth Australia
    Posts
    2,548

    Default

    Quote Originally Posted by chriszzz
    You should also make your Outlook or Outlook Express zone as a untrusted zone, and set its security way up.
    Better yet, uninstall Outlook and use an old text based email client like Eudora 3 pro which is invunerable to any script based trojans etc doing the rounds. The only drawback is that they are a purely text based client, so there's no pretty bandwidth wasters like background images, emoticons etc....
    The Ang Moh from Hell
    Professional Photography - many are called, few are chosen!

  4. #4
    Member
    Join Date
    Dec 2002
    Location
    a.little.red.dot
    Posts
    208

    Default

    If you have a web-based email, better use it than using outlook to read your email. There were many cases where email virus only affect user using outlook or outlook express. By using web-based, the virus infection will be limited.

  5. #5
    Deregistered
    Join Date
    Dec 2002
    Location
    Planet Nikon
    Posts
    21,905

    Default

    Anybody still using Pine?

  6. #6

    Default

    I usually do not open any unsolicited attachments, even from friends, especially those cute but time-and-bandwidth-wasting greetings. If there seems to be an important attachment, I will email back and ask for a confirmation that he/she really did send me a (virus-free) attachment before I open it.

    Windows update (directly from the site, not via email) is not bug free. Earlier this week, I did an update, after which I kept getting an error message about being unable to open a procedure GSIUM or something which was not found in MSDART.DLL. It seems the update corrupted one of my files, and I needed to re-install MDAC 2.8 (some database thing downloadable from microsoft site) before it solved the problem. The next day there was another update from Microsoft, presumably to correct their error.

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Location
    South Pole with Penguin
    Posts
    5,270

    Default



    Anyone still remember the launch of WinXP in Orchard?

  8. #8
    Member
    Join Date
    Dec 2002
    Location
    a.little.red.dot
    Posts
    208

    Default

    What happen to that guy? Carrying a small banner approached by police. So sad. Linux Rox

  9. #9

    Default

    Quote Originally Posted by hanoman
    If you have a web-based email, better use it than using outlook to read your email. There were many cases where email virus only affect user using outlook or outlook express. By using web-based, the virus infection will be limited.
    The choice of the email client, whether HTML (web based ) or others like Mozilla/Netscape, will reduce your chances of an infection by a good margin, simply by eliminating those VBS virii.

    However, all email clients are still vulnerable to virii/trojans in the form of attached executables, because these prey on the tendency of the uninformed to open all attachments indiscriminately. I work in a IT company, and its surprising how often people in the company get struck by a virus despite being mostly IT professionals. Imagine the average Joe Clueless User.

    So the best policy is just to be wary of all attachments. Its a jungle out there, and the next attachment could be a tiger !

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •