New Windows Trojan causes confusion

by admin November 11, 2005 at 3:27 am

Trend Micro on Wednesday reported the discovery of a Trojan horse that it said attacked Windows users through an image-rendering flaw in the operating system, a day after Microsoft provided a fix for the bug. But the company isn’t so sure anymore.

The Tokyo-based antivirus company refers to the Trojan as “emfsploit.a”. Initially, the antivirus software maker reported that the malicious code would crash “explorer.exe” on unpatched Windows machines. Explorer runs key parts of the Windows graphical user interface, including the Start menu, taskbar, desktop and file manager.

But late Thursday Trend Micro said its initial analysis of the Trojan might be incorrect.

“We asked another team to start the disassembly process again,” said Raimund Genes, chief technologist for Trend Micro in Europe. That means researchers will reinvestigate the Trojan code to see what it does.

Meanwhile, Trend Micro updated the entry on the Trojan in its antivirus encyclopedia. The entry no longer states that “emfsploit.a” exploits the Windows vulnerability; instead, it says that the Trojan “exhibits behavior similar to the Enhanced Metafile vulnerability of MS05-053.”

Full article: C|net