German “Patch” Trojan Targets Microsoft Windows
A new breed of malware has found its way onto systems running Microsoft Windows.
The German-language spam, which was detected this week, claims to be an official mail from Microsoft Windows Update and includes an attached malicious ‘update’ file. The message deceives users by alleging that a new worm is on the loose and that the recipient should run the attached file to protect their system.
The attached file is a Trojan which remains on the compromised PC, records usernames and passwords, and transmits them to the attacker. The spam messages have a “.de” e-mail address and carry a subject line of “Achtung! Wichtige Nachrichten von Microsoft Windows Update”. Users are easily conned by the sender line that appears in the email, From: MS Windows Update [msrobot_donotreply@windowsupdate.com].
Roel Schouwenberg, a senior research engineer at Moscow-based Kaspersky Labs, says that the new Trojan, called "Trojan-PSW.Win32.Sinowal.u", is the latest from the Sinowal family. According to him, this malware has a unique feature: it sends information procured from an infected PC immediately to the hacker's server rather than storing it for periodic transmission. When an infected user visits certain banking sites, Sinowal.u inserts some of its own HTML code into the page, which opens a pop-up window asking for personal information such as user name and password. This information is then passed on to the hacker. The Trojan is also capable of checking for updates of itself.
This attack can be easily avoided because Microsoft never sends executable files along with its emails, so malicious update attempts like these can be spotted easily. Unfortunately, even after repeated announcements by Microsoft that it never attaches software updates to its security email notifications, users tend to fall prey to such attacks.
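The rule in the paragraph above (a mail that claims to come from Microsoft and carries an executable is not a genuine update), written as a mail-filter check. This is an added example, not code from SPAMfighter, Kaspersky or Microsoft; the extension list, vendor terms, function names, recipient and attachment names are assumptions constructed here.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed, non-exhaustive lists; tune them for your own mail flow.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
VENDOR_TERMS = ("microsoft", "windows update", "windowsupdate")


def executable_attachments(msg):
    """Return names of MIME parts whose filename ends in an executable extension."""
    names = []
    for part in msg.walk():
        name = part.get_filename()
        # Windows ignores trailing dots/spaces, so strip them before matching.
        # endswith() also catches double extensions such as "readme.txt.exe".
        if name and name.rstrip(". ").lower().endswith(EXECUTABLE_EXTS):
            names.append(name)
    return names


def is_fake_update(raw_bytes):
    """True when a mail claims Microsoft origin AND carries an executable."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    display, address = parseaddr(str(msg.get("From", "")))
    claimed = " ".join([display, address, str(msg.get("Subject", ""))]).lower()
    claims_vendor = any(term in claimed for term in VENDOR_TERMS)
    return claims_vendor and bool(executable_attachments(msg))


def build_sample(sender, subject, filename=None):
    """Build a constructed test message (not a captured sample of the spam)."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Bitte installieren Sie das Update.")
    if filename:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    spam = build_sample("MS Windows Update <msrobot_donotreply@windowsupdate.com>",
                        "Achtung! Wichtige Nachrichten von Microsoft Windows Update",
                        "patch.exe")
    print("quarantine" if is_fake_update(spam) else "deliver")
```

The check keys on the claimed sender and subject rather than on a verified domain, because the From line in this spam is forged.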
Microsoft urges all Windows users to verify the legitimacy of messages like this German mail by logging in to the Security site on Microsoft.com.
If a system is infected by a Sinowal Trojan, it is advised to change all passwords as soon as possible, before starting to clean up the system.
» SPAMfighter News - 31-05-2006