Another Microsoft Patch, Another Masquerade
Another virus posing as a patch from Microsoft, which never issues security patches via e-mail, is actually a Trojan Horse, experts warn.
Trying to capitalize on the latest mega-patch released last week by Microsoft, a strain of the SWEN/Gibe virus is once again posing as a Microsoft security patch in an effort to trick users into running a so-called Trojan Horse that opens up computers to remote attacks.
But what makes this deceptive e-mail more dangerous this time is that it poses as one of the actual Microsoft patches released last week, security patch No. MS03-047.
"So, this Trojan is just jumping on the bandwagon of trying to get code distributed via social engineering," explained Ken Durham, Malicious Code Intelligence Manager for Virginia-based iDefense.
Durham told internetnews.com that while Swen (formerly known as W32.Swen.A@mm or W32.Gibe.B@mm) was slow moving at first, it has proliferated nearly 3 million times since late September with small- and home-offices as well as the Far East region proving to be most vulnerable.
Part of the problem is that Swen arrives in the inbox as a .ZIP file that needs to be executed and many companies still allow .ZIP files through the firewall.
Durham said this new Trojan is actually a variant of the SDBot Trojan horse family that provides the attacker with complete backdoor access to a compromised computer. MessageLabs has given an initial name to this new threat, Troj/Sdbot.R, aka SDBot.R.
As previously reported, Microsoft said it never e-mails software patches.