Discovered: February 16, 2001
Updated: February 13, 2007 11:35:16 AM
Also Known As: Trojan.PWS.Coced.240.b [KAV], PWS.gen [McAfee], NAEBI.240B.Trojan, Troj/Coced-240 [Sophos], TROJ_COCED.240 [Trend], Win32.PSW.Coced.240.B [CA], PWSteal.Coced240b.Tro
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
The password stealer appears as an attachment named 26705-i386-update.exe. It claims to be a vulnernability patch that is mailed from support@microsoft.com. The Trojan sends confidential password information to an email address.
Microsoft has posted information regarding bogus files such as this at:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/patch_hoax.asp
Note: Definitions prior to May 10, 2006 may detect this threat as PWSteal.Coced240b.Tro.
Protection
-
Initial Rapid Release version February 20, 2001
-
Latest Rapid Release version August 20, 2008 revision 017
-
Initial Daily Certified version February 20, 2001
-
Latest Daily Certified version August 20, 2008 revision 016
-
Initial Weekly Certified release date February 20, 2001
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
-
Wild Level: Low
-
Number of Infections: 0 - 49
-
Number of Sites: 0 - 2
-
Geographical Distribution: Low
-
Threat Containment: Easy
-
Removal: Moderate
Damage
Distribution
Writeup By: Brian Ewell
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
