RealTime IT News

Another Microsoft Patch, Another Masquerade

Trying to capitalize on the latest mega-patch released last week by Microsoft, a strain of the SWEN/Gibe virus is once again posing as a Microsoft security patch in an effort to trick users into running a so-called Trojan Horse that opens up computers to remote attacks.

But what makes this deceptive e-mail more dangerous this time is that it poses as one of the actual Microsoft patches released last week, security patch No. MS03-047.

"So, this Trojan is just jumping on the bandwagon of trying to get code distributed via social engineering," explained Ken Durham, Malicious Code Intelligence Manager for Virginia-based iDefense.

"The Swen worm shows how effective this type of socially engineered attack can be, continuing to spread to thousands of computers still today."

Durham told internetnews.com that while Swen (formerly known as W32.Swen.A@mm or W32.Gibe.B@mm) was slow moving at first, it has proliferated nearly 3 million times since late September with small- and home-offices as well as the Far East region proving to be most vulnerable.

Part of the problem is that Swen arrives in the inbox as a .ZIP file that needs to be executed and many companies still allow .ZIP files through the firewall.

Durham said this new Trojan is actually a variant of the SDBot Trojan horse family that provides the attacker with complete backdoor access to a compromised computer. MessageLabs has given an initial name to this new threat, Troj/Sdbot.R, aka SDBot.R.

As previously reported, Microsoft said it never e-mails software patches.