Sheriff Contact: John Roach: 313-224-0615
Release Date: Monday, January 12, 2004
Sheriff warns of new Internet identity theft scam to steal passwords off of computers
E-mail poses as “critical software update” info from Microsoft
The Wayne County Sheriff’s Internet Crime Unit wants to
alert computer users to a new virus making its way around the Internet
today that is designed to steal passwords and other personal information
off of people’s computers.
Sheriff Warren Evans said that the new virus, called Trojan.Xombe,
was first detected yesterday and looks like a legitimate e-mail
from Microsoft with a software update attachment. Users who open
the e-mail attachment may find their machines loaded with a file
that will allow the sender to capture the recipient’s passwords
or online account information. That means someone shopping on any
online retail or banking site unknowingly would be transferring
his or her private information to the person who sent them the
bogus e-mail.
“Our investigators are always on the lookout for the latest scams
and have learned that this Trojan Horse was spammed out to a large
number of computers overnight,” said Evans. “By using
this approach, attackers hope to infect hundreds, even thousands,
of machines before users realize what's up, or anti-virus companies
can react with updated definition files.”
Symantec Corp., which produces virus protection software,
lists the virus as a Level 2 threat, its second highest. Unlike
some Trojan Horses, this one is not believed to be self-replicating.
How the scam works
The faux message, which contains a fake sending address of windowsupdate@microsoft.com,
uses the subject line 'Windows XP Service Pack 1 [Express]--Critical
Update' to trick recipients into opening the attached file.
"Window [sic] Update has determined that you are running a beta
version of Windows XP Service Pack 1 [SP1]," the message's
text reads in part. "To help improve the stability of your
computer, Microsoft recommends that you remove the beta version
of Windows XP SP1 and re-install Windows XP SP1." The message
goes on to urge the user to run the winxp_sp1.exe file attachment
to re-install SP1, and recommends that anti-virus software be
disabled, as it "may interfere with the installation."
Once the file is installed, attackers can access the PC undetected,
add other code to the computer--such as key trackers for acquiring
passwords--and use the machine to launch attacks on other machines.
Evans reminded users that Microsoft never delivers security updates
via e-mail, and urged people to scan suspicious messages for tell-tale
signs of a scam, such as misspelled words and awkward syntax, both
of which are evident in the message loaded with Trojan.Xombe.
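
The warning signs described above (an executable attachment, a software update arriving by e-mail, a request to disable anti-virus software) can also be checked mechanically. The Python below is an added example, not part of the original release; the function names, regular expressions and both sample messages are constructed for illustration, with the sender, subject and attachment name taken from the text above.

```python
import re
from email.message import EmailMessage

# Assumed heuristics for this example; not a complete mail filter.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat")
UPDATE_CLAIM = re.compile(r"service pack|critical update|security update", re.I)
DISABLE_AV = re.compile(
    r"(disabl\w*|turn\w*\s+off)[^.]{0,80}anti-?\s?virus"
    r"|anti-?\s?virus[^.]{0,80}(disabl\w*|turn\w*\s+off)", re.I)

def lure_signs(msg: EmailMessage) -> list[str]:
    """Return the warning signs found in one parsed message."""
    names = [a.get_filename() or "" for a in msg.iter_attachments()]
    exes = [n for n in names if n.lower().endswith(RISKY_EXT)]
    part = msg.get_body(preferencelist=("plain",))
    text = f"{msg.get('Subject', '')}\n{part.get_content() if part else ''}"
    signs = []
    if exes:
        signs.append("executable attachment: " + ", ".join(exes))
    if exes and UPDATE_CLAIM.search(text):
        # The From header is not checked: it is trivially forged.
        signs.append("software update delivered as an e-mail attachment")
    if DISABLE_AV.search(text):
        signs.append("asks the reader to disable anti-virus software")
    return signs

def sample_lure() -> EmailMessage:
    """Constructed message; headers and file name as quoted in the release."""
    m = EmailMessage()
    m["From"] = "windowsupdate@microsoft.com"
    m["Subject"] = "Windows XP Service Pack 1 [Express]--Critical Update"
    m.set_content("Please run the attached file to re-install SP1. Disable "
                  "your anti-virus software, as it may interfere with the "
                  "installation.")  # constructed wording
    m.add_attachment(b"constructed placeholder, not a real binary",
                     maintype="application", subtype="octet-stream",
                     filename="winxp_sp1.exe")
    return m

def sample_benign() -> EmailMessage:
    """Constructed message with none of the signs."""
    m = EmailMessage()
    m["From"] = "colleague@example.org"
    m["Subject"] = "Agenda for Thursday"
    m.set_content("The agenda is attached.")
    m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                     subtype="pdf", filename="agenda.pdf")
    return m
```

Calling `lure_signs(sample_lure())` reports all three signs, while `lure_signs(sample_benign())` returns an empty list.
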
“The best rule of thumb is to never open an attachment unless
it comes from someone you know and can verify they sent it to you,” Evans
said. “In the case of software updates, people should go
directly to the company’s official website, where any valid
information should be posted.”
For more information, or to report any suspected Internet scams,
call the Sheriff’s Internet Crime Unit at 313-875-9676.