Lions and Tigers and Bears, Oh My! - Part1

by Robin Laudanski, AKA IACOJ
June 2, 2004

Most of us probably remember those timeless words from the Wizard of Oz. Life ran at a slower pace then. Computers were the size of Semi-trailers and only the government or the most advanced corporations had them. There was little thought given to the need of security on the net, because there was no public Internet. In point of fact little consideration was given to security, until it became painfully apparent there was a problem. There is no doubt we aren't in Kansas anymore: Lions and Tigers and Bears have been replaced by Trojans and Viruses and Worms... Oh My!

Sophos enews:

the newswire which brings you up-to-the-minute
reports on anti-virus and anti-spam issues, new Sophos products
and enhancements.

=======================
In this edition:

BAGLE WORM SPREADS ACROSS NET, DISGUISED AS TEST EMAIL

TROJAN PHISHES FOR CASH. WOULD YOU TAKE THE BAIT?

WEB SEMINAR: AN INTRODUCTION TO PUREMESSAGE

WIN A SONY DIGITAL CAMCORDER IN OUR VIRUS AND SPAM SURVEY

ADD LIVE VIRUS AND HOAX INFORMATION TO YOUR WEBSITE

=======================
Read the full stories:

Xombe Trojan poses as Microsoft warning
By Munir Kotadia
ZDNet (UK)
January 12, 2004, 9:48 AM PT

An e-mail disguised as a message from Microsoft's security team contains a dangerous Trojan horse called Xombe.

Xombe, also known as Trojan.Xombe, Downloader-GJ and Troj/Dloader-L, was being distributed on Friday. It poses as a critical update for the Windows XP operating system. When executed, it attempts to download a malicious backdoor component from the Web.

Trojan Poses as Windows XP Update

File arrives in an attachment purported to be from Microsoft.

Paul Roberts,
IDG News Service

Security companies are warning Internet users about a new Trojan horse program spreading via spam e-mail and masquerading as a Windows XP software update from Microsoft.

Anonymous writes "Today news hit that a trojan horse by the name of Xombe has been released. Although the severity of the threat is still rated at low by Network Associates, experts say that there is potential for a very rapid rate of infection.

The executable resides in an email cleverly titled, Windows XP Service Pack 1 (Express)-Critical Update, and sent from [email protected]. This disguised message contains rather professional sounding content which suggests that the user must run the attached program called winxp_sp1.exe in oder to update their operating system. "

Trojan Horse Making Its Way Into Windows Systems
By Dennis Fisher
November 25, 2003

A new Trojan horse hidden in an e-mail purported to be carrying pornographic pictures is beginning to make the rounds on the Internet.

The Trojan is known as Sysbug and provides its creator with a backdoor into infected systems running versions of Windows from 95 through XP. It copies itself to the Windows installation folder and also adds a new registry entry that ensures the Trojan will run every time the PC starts up.

Backdoor trojans make their presence felt

A virus never sleeps. And it seems they don't stop mutating and breeding, too, as there are two new threats to computer users: BDSinit-A and Webber-C.

Trojan hides in fake Citibank e-mail
By CNETAsia Staff
CNETAsia

An e-mail purporting to be from Citibank carries a Trojan virus that plants a back door on an infected computer, allowing a hacker to use the machine as a channel for other activities on the Internet.

Email from 'Citibank' conceals Trojan
Staff
CNETAsia

An email purporting to be from Citibank carries a Trojan virus that plants a back door on an infected computer, allowing a hacker to use the machine as a channel for other activities on the Internet.

Attacker attempts to plant Trojan in Linux
Robert Lemos
CNET News.com

An unknown intruder attempted to insert a Trojan horse program into the code of the next version of the Linux kernel, which is stored in a publicly accessible database.