Trojan masquerades as Microsoft patch

Trojan-infected spam emails claim to protect against worm attacks

A newly discovered Trojan designed to get past antivirus software is being spread by spam posing as an urgent Microsoft security update. 

Web monitoring company Websense has issued a warning about the infected spam mails, which claim to protect against worm attacks.

If an unwary user clicks on the link at the bottom of the email a new variant of the SDBot Trojan, as yet unidentified by antivirus companies, is downloaded onto their PCs.

The email header is as follows: 'Microsoft Security Bulletin MS05-039: New patch against W32/Sober, W32/Zafi, W32/Mytob'.

The SDBot Trojan is part of a group of malware used primarily to set up botnets, networks of infected computers that can be operated en masse to send spam or attack vulnerable systems.

Graham Cluley, senior technology consultant at Sophos, said: "The lab tells me that the URL quoted in the emails is down, so there's no way at the moment for people to be infected by whatever is at the end of the web link. 

"Because we cannot download any malware at the end of the link we cannot currently confirm whether we detect this variant or not.

"But we do have a history of proactively protecting against many of the new variants of SDBot. Always visit the official Microsoft website for its operating system security patches."