A new Trojan, “Xombe,” was released into the wild on Friday, January 9, which claims to be a critical patch from Microsoft. According to iDefense, the Trojan was purposely coded to try to avoid detection by anti-virus software.
The Trojan has a message subject that reads, “Windows XP Service Pack 1 (Express) - Critical Update” with a sender email address of “[email protected]”. The message contains a file attachment and the message body urges users to run the attached file to eliminate all known vulnerabilities in Internet Explorer, Outlook, and Outlook Express. When run the Trojan attempts to download software from a remote site and if successful installs a backdoor into the user's computer.
As you know, Microsoft said that it will never send patches or updates via email. So users should become aware that any such message and related file attachment is probably an attempt to compromise the security of their systems.