News of Technology

Latest news of Technology world.

Thursday, November 10, 2005

New Windows Trojan causes confusion

the Tokyo-based antivirus company said it had discovered a Trojan horse that used an image-rendering flaw in Windows to attack systems, a day after Microsoft had provided a fix for the vulnerability. But late Thursday, Trend Micro said its initial analysis of the Trojan might be incorrect.

"We asked another team to start the disassembly process again," said Raimund Genes, chief technologist for Trend Micro in Europe. That means researchers will reinvestigate the Trojan code to see what it does.

The Trojan is referred to as "emfsploit.a" by Trend Micro. Initially, the antivirus software maker reported that the malicious code would crash "explorer.exe" on unpatched Windows machines. Explorer runs key parts of the Windows graphical user interface, including the Start menu, taskbar, desktop and file manager.

Trend Micro has found that the Trojan does cause a crash on certain Windows XP systems, but the finding is not consistent with Microsoft's Tuesday bug report. Trend found a crash only on Windows XP computers without Service Pack 1. But according to Microsoft, the vulnerability also affects systems with SP1 and SP2, so these should crash as well if the Trojan indeed exploits the MS05-053 flaw.

Trend Micro describes the new Trojan as a "proof of concept." It received one sample of the code from a customer in Japan, but as of late Thursday the Trojan hasn't actually been detected anywhere else, Genes said. The company hence rates the overall risk "low."


Post a Comment

Links to this post:

Create a Link

<< Home

eXTReMe Tracker