My AntiSpyware

Trojan masquerading as Microsoft Update

Myantispyware team, December 13, 2005

Reported in Codefish. We checked out this Trojan and it’s not very friendly.

Here is what the email looks like:

Microsoft Security Bulletin MS05-039

Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)

Summary:

Who should receive this document: Customers who use Microsoft Windows
Impact of Vulnerability: Remote Code Execution and Local Elevation of Privilege
Maximum Severity Rating: CRITICAL
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Caveats: None
Tested Software and Security Update Download Locations:

Affected Software:

• Microsoft Windows 2000 Service Pack 4 – Download the update
• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 – Download the update
• Microsoft Windows XP Professional x64 Edition – Download the update
• Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 – Download the update
• Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems – Download the update
• Microsoft Windows Server 2003 x64 Edition – Download the update

Non-Affected Software:

• Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

Executive Summary:

This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Plug and Play (PnP) that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Conclusion: We recommend that customers apply the update immediately.

© 2005 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks | Privacy Statement

I checked the file at VirusTotal and the results are as follows (“No virus found” means that the virus scanner did not detect it):

This is a report processed by VirusTotal on 12/12/2005 at 18:59:39 (CET) after scanning the file “Windows-KB899588-x86-ENU.exe” file.

Antivirus       Version          Update       Result
Avast           4.6.695.0        12.10.2005   No virus found
AVG             718              12.08.2005   No virus found
McAfee          4648             12.12.2005   No virus found
NOD32v2         1.1319           12.12.2005   No virus found
Norman          5.70.10          12.12.2005   No virus found
TheHacker       5.9.1.053        12.12.2005   No virus found
F-Prot          3.16c            12.09.2005   security risk or a “backdoor” program
AntiVir         6.33.0.61        12.12.2005   TR/Luhn
Avira           6.33.0.61        12.12.2005   TR/Luhn
Panda           8.02.00          12.12.2005   Trj/Spy.Luhn
Sophos          4.00.0           12.12.2005   Troj/Dropper-BV
Symantec        8                12.12.2005   Trojan.Dropper
DrWeb           4.33             12.12.2005   Trojan.Sklog
BitDefender     7.2              12.12.2005   Trojan.Spy.Luhn.A
ClamAV          devel-20051108   12.12.2005   Trojan.Spy.W32.Luhn
CAT-QuickHeal   8                12.12.2005   TrojanSpy.Luhn.a
Kaspersky       4.0.2.24         12.12.2005   Trojan-Spy.Win32.Luhn.a
VBA32           3.10.5           12.12.2005   Trojan-Spy.Win32.Luhn.a
Fortinet        2.54.0.0         12.11.2005   W32/SpyLuhn.A-dr
eTrust-Iris     7.1.194.0        12.11.2005   Win32/Luhn!Spy!Dropper
eTrust-Vet      12.3.3.0         12.12.2005   Win32/Luhn.A

by Sunbelt research
