Barracuda has identified a malicious ‘backdoor’ virus that was sent via a spam message.
Hidden in a fake email that claimed to be a Microsoft Security Update, ‘Trojan.Backdoor.Haxdoor’ is delivered as an attachment and uses several innovative social engineering techniques, such as naming the file attachment according to Microsoft Knowledge Base conventions and including a PGP signature block at the bottom of the email message.
Barracuda Networks profiled the malware and quickly categorized it in the Barracuda Real-Time Protection system to block the virus in incoming and outbound emails on all Barracuda Spam Firewalls worldwide with Barracuda Real-Time Protection enabled.
In addition, Barracuda Central categorized this malware in its anti-spyware protocol definitions to block all "phone home" activity across all Barracuda Web Filters worldwide, preventing the attack from affecting corporate networks even when users with previously infected laptops connect to the network.
The email claims that Microsoft has issued a security update for the Microsoft Windows operating system and recommends that the recipient install an “update” to “protect your computer against security threats and performance problems.”
Stephen Pao, vice president of product management for Barracuda Networks, said: “The leverage of the Microsoft name, the inclusion of an apparent PGP signature block - frequently used by security professionals - and the routine nature in which users are accustomed to applying software updates make for a dangerous and potentially effective combination of social engineering techniques in this particular attack.
“Unsuspecting users without the proper virus protections in place could mistakenly install the malware. Based on the volume of real-time blocks reported by the Barracuda Real-Time Protection system in the outbreak's early stages, we know the attack hit a significant global footprint.”