A new Trojan, “Xombe,” was released into the wild on Friday, January 9, which claims to be a critical patch from Microsoft. According to iDefense, the Trojan was purposely coded to try to avoid detection by anti-virus software.
The Trojan has a message subject that reads, “Windows XP Service Pack 1 (Express) - Critical Update” with a sender email address of “Windowsupdate@microsoft.com”. The message contains a file attachment and the message body urges users to run the attached file to eliminate all known vulnerabilities in Internet Explorer, Outlook, and Outlook Express. When run the Trojan attempts to download software from a remote site and if successful installs a backdoor into the user's computer.
As you know, Microsoft said that it will never send patches or updates via email. So users should become aware that any such message and related file attachment is probably an attempt to compromise the security of their systems.
please tell me more about this it is installed on my machine but I guess i am not noticing it because my machine is highly secured and the programming languages havent complained thanx
Do we not know any filenames this thing (xombe) might leave? Or any way of stopping it?
pfg.
I have WinXP Pro with auto-update enabled. I don't update via email. So this shouldn't be an issue.
I don't do any email updates either. but sure got something from somewhere. It shuts down computer in 60 seconds with NT authority\system. Also Remote Procedure Call{RPC} Service Terminated can't stay on line long enough to download any kind of a fix. This is the longest I've been on line for.
Yeah i had the RPC error too once. I fixed the problem by reformatting my hard-drive and reinstalling WinXP. then i found two other friends with the same problem, and did the same to their computers. if you need to stay on your computer, you should be able to abort the 60 second shutdown procedure by going to Start, Run, then type "cmd" (no quotes) to go to Command Prompt.. from there, type "shutdown -a" i hope this helped! if so, get back to me and i'll post this info on other forums to help other people.
Nathan - iamsocanadian_eh@hotmail.com
Register
