[Current] Microsoft Update Spoof

Angela Triola ATriola at entfederal.com
Thu Apr 14 14:44:47 GMT 2005

Seems like everyone's heard about the spoof but finding an actual copy
of the email is not easy!  I almost think we're in more danger from the
volumes of warning emails circulating than we are from the actual
spoofed email.

Symantec provides the following information about the Trojan
(Trojan.Xombe) that was attached to a spoofed MS update email:

The one referenced above is not new and Symantec has had AV definitions
built/available for it since Jan '04.  They also mention that the
website to which the Trojan attempts to connect is not available.

ZoneLabs provides the following information - also dated Jan '04.

So, perhaps there is a new email going around.  Or perhaps this is
simply a resurgence of the older email.

BTW - The Symantec link above does provide the text of the original
email message as well as the filename of the executable.  

Angela Triola
Infrastructure Analyst III
Ent Federal Credit Union

-----Original Message-----
From: current-bounces at dshield.org [mailto:current-bounces at dshield.org]
On Behalf Of Gearry Judkins
Sent: Friday, April 08, 2005 9:24 AM
To: Dshield-Current (E-mail)
Subject: [Current] Microsoft Update Spoof

Does anybody have more information on the update spoof?  I would like to
add some rules to our spam filter just as an extra precaution, but I could
not find any details on the contents of this message.

Gearry Judkins
FCHN Information Systems
