Ask PC Experts - Latest news via sources.
Virus writers are never out of jobs. In October itself they have come up with a new way to lure all Internet users. They have disguised a Trojan as a Microsoft Security update. When the user clicks on the spoof Microsoft Security update email link, they allow a Trojan horse to sit inside the machine allowing the remotely located resource to control it. To convince the users, there is also a EULA screen where the customer has to agree to the terms and conditions.
Here’s what you get if you have the email:
IP(s)/Domains(s): 66.49.184.119 (No WHOIS available)
URL(s): http://66.49.184.119/Windows-KB899588-x86-ENU.exe
Recommend Block?: Yes - For the time being
Description
Our first trojan write-up since we’ve been gone. This trojan uses a “Windows Update” spam as its lure. The email sent out reads:
Subject: Critical security update available
Microsoft Security Bulletin MS05-039
Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)
Summary:
Who should receive this document: Customers who use Microsoft Windows
Impact of Vulnerability: Remote Code Execution and Local Elevation of Privilege
Maximum Severity Rating: CRITICAL
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Caveats: None
Tested Software and Security Update Download Locations:
Affected Software:
• Microsoft Windows 2000 Service Pack 4 - Download the update
• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 - Download the update
• Microsoft Windows XP Professional x64 Edition - Download the update
• Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 - Download the update
• Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems - Download the update
• Microsoft Windows Server 2003 x64 Edition - Download the update
Non-Affected Software:
• Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
Executive Summary:
This update resolves a newly discovered, privately reported vulnerability. A remote code execution vulnerability exists in Plug and Play (PnP) that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Conclusion: We recommend that customers apply the update immediately.
© 2005 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks | Privacy Statement
The filename to beware about is Wupdate-20050401.exe. All Internet users are requested to be careful about such emails and spam efforts passing under the name of Microsoft.
To know more about VIrus Problem Solutions and to select the Computer Security for your system check with us at ASK PC EXPERTS.
