10 May 2002
Internet users caught up in the hype of the recent Xbox launch may be falling for a web hoax that installs a Trojan horse on their machine.
The success of the malicious code may be boosted by the fact that the Trojan masquerades as an Xbox emulator for the PC.
Of course, there is no such thing, but the launch hype of the new console, mixed with a little bit of internet trickery, seems to have created a sizeable hotbed of web users who really think they are downloading an Xbox emulator.
Such things aren't unheard of; there are a multitude of other console emulators available on the web allowing you to play anything from N64 games to PlayStation discs.
But users downloading the Xbox emulator, which arrives as a file called 'EMU_xbox.exe', are really installing a Trojan on their PC.
When executed, the program quits out with an error message after dropping a back door program called NetBUIE.exe on the victim's machine.
Once installed, the Trojan connects up to a number of remote servers, suggesting that it may be racking up dollars for its creators by scamming a number of pay-per-click services.
But analysis also revealed that the program makes attempts to connect to four Microsoft-run servers, for reasons yet unknown, although one of these connects to Microsoft's free Bcentral.com counter service and reveals a worrying four million or so hits from the Trojan.
According to another link on the fake emulator's website before it was pulled earlier today, over 30,000 visitors have been to the site. That's 30,000 potential victims of the Trojan.
By way of a disguise, NetBUIE.exe looks similar to Netbeui (NetBios Enhanced User Interface) which is a networking protocol commonly used on Windows networks.
Right clicking on the executable and selecting properties even brings up a Microsoft copyright notice, adding a legitimate feel to the file.
Earlier today the main web page that hosted the program was taken down by free host Angelfire for violation of its terms of service.
But the program may yet crop up on other websites in the same guise, and antivirus firms do not appear to be on the case yet.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Sneak peek at the forthcoming glass-based machine
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Assistant Director - Infrastructure - London - required...
A well established homeware brand is looking for an experienced...
Join a team that is revolutionising the way media is...
Linux Server Support Analyst - Bristol/Bath £20,000 plus...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?