An e-mail disguised as a message from Microsoft's security team contains a dangerous Trojan horse called Xombe.
Xombe, also known as Trojan.Xombe, Downloader-GJ and Troj/Dloader-L, was being distributed on Friday. It poses as a critical update for the Windows XP operating system. When executed, it attempts to download a malicious backdoor component from the Web.
It appears to be an imitation of one of last year's most successful worms, the mass-mailed Swen, which also masqueraded as a security warning from Microsoft.
However, Xombe has yet to repeat the success of Swen. While the former failed to make the top 10 threats intercepted by e-mail security company MessageLabs on Monday morning, Swen was at No. 2, with some 7,000 instances captured in the past 24 hours.
The e-mail, which appears to have been sent from firstname.lastname@example.org, has the subject line "Windows XP Service Pack 1 (Express) - Critical Update" and directs users to execute the attachment, called winxp_sp1.exe, in order to fix some vulnerabilities in Microsoft's Internet Explorer, Outlook and Outlook Express.