1. Symantec/
  2. Security Response/
  3. Trojan.Xombe


Risk Level 2: Low

January 9, 2004
February 13, 2007 12:15:55 PM
Also Known As:
Xombe [FSecure], Downloader-GJ [McAfee], Troj/Dloader-L [Sophos]
Trojan Horse
Systems Affected:

Trojan.Xombe is a Trojan horse that has at least two components: a 4,096 byte downloader and a 27,136 byte Trojan. The downloader component will retrieve the Trojan file from a predetermined Web site.

The download component has been distributed in an unsolicited email, purporting to be a security update for Windows XP, sent by Microsoft.

The email has the following characteristics:

From: windowsupdate@microsoft.com
Subject: Windows XP Service Pack 1 (Express) - Critical Update.
Attachment: winxp_sp1.exe(4,096 KB)

The Trojan is packed with UPX.

To prevent this Trojan from running, outgoing HTTP connections to domain gamemaniacs.org can be blocked.

Antivirus Protection Dates

  • Initial Rapid Release version January 9, 2004
  • Latest Rapid Release version August 8, 2016 revision 023
  • Initial Daily Certified version January 9, 2004
  • Latest Daily Certified version August 9, 2016 revision 001
  • Initial Weekly Certified release date January 14, 2004
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Benjamin Nahorney

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube