Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Fake Microsoft e-mail contains backdoor virus

Barracuda Networks : 13 October, 2008  (Technical Article)
Spam contains smart attachment which appears as a Microsoft knowledge base file but contains malicious code warns Barracuda
Barracuda Networks has announced that Barracuda Central, its 24x7 security operations centre, began immediately blocking a malicious "backdoor" virus distributed via a socially engineered email purportedly from Microsoft earlier today. Barracuda Networks was one of the first vendors to profile the malware and quickly categorized it in the Barracuda Real-Time Protection system to block the virus in incoming and outbound emails on all Barracuda Spam Firewalls worldwide with Barracuda Real-Time Protection enabled.

The virus, categorized by Barracuda Central as "Trojan.Backdoor.Haxdoor," is delivered as an attachment to an email allegedly from the Microsoft Security Assurance team and utilizes several innovative social engineering techniques, such as using Microsoft KnowledgeBase naming conventions for the file attachment, as well as the inclusion of a PGP signature block at the bottom of the email message. The email informs the recipient that "Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millennium, Microsoft Windows XP, Microsoft Windows Vista."

Further, the fake email "strongly" recommends that the recipient install an "update" to "protect your computer against security threats and performance problems." Once installed, Barracuda Central determined that the malware 'phones home,' and leaves an outbound TCP connection open presumably to await further instructions.

"The use of the Microsoft name, the inclusion of an apparent PGP signature block - frequently used by security professionals - and the routine nature in which users are accustomed to applying software updates make for a dangerous and potentially effective combination of social engineering techniques in this particular attack," said Stephen Pao, vice president of product management for Barracuda Networks. "Unsuspecting users without the proper virus protections in place could mistakenly install the malware. Based on the volume of real-time blocks reported by the Barracuda Real-Time Protection system in the outbreak's early stages, we know the attack hit a significant global footprint.'

In addition, Barracuda Central categorized this malware in its anti-spyware protocol definitions to block all 'phone home' activity across all Barracuda Web Filters worldwide, preventing the attack from affecting corporate networks even when users with previously infected laptops connect to the network.

For email not protected by Barracuda Spam Firewalls, such as personal email, the Barracuda Web Filter can block the virus in Web downloads when behind Barracuda Web Filters.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo