New Trojan piggybacks on Blaster scare

By Steve Malone

Posted on 18 Aug 2003 at 09:50

A new Trojan has appeared which appears in an email purporting to be a fix for the Blaster worm. The trojan enables the send to access and control an infected computer over the Internet. The attacker can also steal passwords, send emails, and record keystrokes.

The Trojan, according to email security specialists MessageLabs, claims to come from webmaster@Microsoft.com, contains the following text

'Microsoft began investigating a worm reported by Microsoft Product Support Services (PSS). A new worm commonly known as W32.Blaster.Worm has been identified that exploits the vulnerability that was addressed by Microsoft Security Bulletin MS03-026.

'Download the attached update program.

'Attachment: 03-26updated.exe (319,670 bytes)'

The Blaster worm itself, being the longest telegraphed Denial of Service attack in history, simply failed to go off. This was due to the fact that on Friday 15, Microsoft simply took down the URL www.windowsupdate.com. The site is now available at windowsupdate.Microsoft.com. However, users who are infected with the Blaster worm and the variants that have appeared should go to the Microsoft site to check for the latest information and details of anti-virus fixes as the worm is still a threat.