05 March 2005

A Small Warning...

The following is shared with the kind permission of Anne Docwras:
Watch out for this one...
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit

Hi folks,

I've just intercepted two mails on two different mailboxes purportedly coming from Microsoft and claiming to be a patch to keep you safe from Trojans. The messages are *very* small, only 4kb so you may be fooled into thinking they're safe - they aren't! They have a small self-extracting executable file called update_3032005.exe attached.

From the file name this looks like something *very* new - and the fact that it sailed straight passed the my mailbox's server a/v scanner without so much as raising an eyebrow, never mind a virus alert, makes me think it'll catch a few folks unawares. :(

The "From" address on both these is @microsoft.com but they aren't. If you see one *don't* download it if you can avoid doing so - as it's a self-extracting executable you may not even have to click to open the attachment to be infected. Please be
careful! (Now may be a good time to download and install Mailwasher if you don't already use it!)
UPDATE: I have sent a copy of the file to my a/v people (NOD32) and they have identified it as the Win32/TrojanDownloader.Small.DC trojan so the a/v definitions should include it soon.



No comments: