October 10, 2008

Backdoor Virus Detected Sent via Fake Microsoft Security Update Email

Barracuda Networks Inc., a provider of email and Web security appliances, announced that Barracuda Central, its 24x7 security operations center, detected a malicious “backdoor” virus distributed earlier today via a socially engineered email purporting to come from Microsoft.
 
A backdoor, also called a trapdoor, is an undocumented way of gaining access to a program, online service or an entire operating system. The backdoor is written into the code by the programmer who created it, and that programmer is often the only person who knows it exists.
 
Categorized by Barracuda Central as “Trojan.Backdoor.Haxdoor,” the virus is delivered as an attachment to an email supposedly from the Microsoft Security Assurance team. The virus relies on several social engineering techniques, such as using Microsoft KnowledgeBase naming conventions for the file attachment, as well as a PGP signature block at the bottom of the email message.
 
The email informs the recipient that “Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.”
 
The fake email “strongly” recommends that the recipient install an “update” to “protect your computer against security threats and performance problems.” Barracuda Central determined that, once installed, the malware “phones home” and leaves an outbound Transmission Control Protocol (TCP) connection open, presumably to await further instructions.
 
TCP allows two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of the data, with packets arriving in the same order in which they were sent.
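The “phones home and leaves an outbound TCP connection open” behaviour described above is something a defender can look for on a suspect host. The following added example is not code from Barracuda Networks or from the article; it parses constructed `netstat -ano`-style output, joins it to a constructed PID-to-executable table, and flags established outbound TCP connections to external addresses owned by processes running from user-writable directories (where an emailed “update” would be launched from). Comparing two snapshots shows which sockets were held open between them. The sample data, the KB-style attachment name, the directory heuristic and the address ranges treated as internal are all assumptions made for illustration.

```python
"""Hunt for persistent outbound TCP connections from unexpected processes.

Added example (not Barracuda's or Microsoft's code). All sample data below
is constructed; the path heuristic and internal-range list are assumptions.
"""
import ipaddress
import re
from collections import namedtuple

Conn = namedtuple("Conn", "proto local_ip local_port remote_ip remote_port state pid")

# Constructed snapshot in the shape of `netstat -ano` on Windows (hypothetical).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    192.168.1.20:49152     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:49201     203.0.113.45:8080      ESTABLISHED     3124
  TCP    192.168.1.20:49210     198.51.100.7:443       ESTABLISHED     2210
  TCP    192.168.1.20:49233     203.0.113.45:8080      TIME_WAIT       0
"""

# A second constructed snapshot taken some minutes later (hypothetical).
SAMPLE_NETSTAT_LATER = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    192.168.1.20:49201     203.0.113.45:8080      ESTABLISHED     3124
  TCP    192.168.1.20:49310     198.51.100.7:443       ESTABLISHED     2210
"""

# Constructed PID -> executable path table (hypothetical; e.g. from a process
# listing taken at the same time). "KB000000.exe" is a placeholder name in the
# KnowledgeBase style the article mentions, not a real file name.
SAMPLE_PROCS = {
    4: "System",
    900: r"C:\Windows\System32\svchost.exe",
    2210: r"C:\Program Files\Internet Explorer\iexplore.exe",
    3124: r"C:\Users\alice\AppData\Local\Temp\KB000000.exe",
}

# Directories a user can write to without elevation (assumed list).
USER_WRITABLE = (r"\AppData\Local\Temp", r"\Downloads", r"\Desktop",
                 r"\Temporary Internet Files")

# Address ranges treated as internal; anything else is "external".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8")]

LINE_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<lip>[\d.]+):(?P<lport>\d+)\s+"
    r"(?P<rip>[\d.*]+):(?P<rport>\d+|\*)\s+(?:(?P<state>\S+)\s+)?(?P<pid>\d+)\s*$")


def parse_netstat(text):
    """Parse netstat-style lines into Conn records; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            conns.append(Conn(m["proto"], m["lip"], int(m["lport"]), m["rip"],
                              m["rport"], m["state"], int(m["pid"])))
    return conns


def is_external(ip):
    """True when the address is outside every range in INTERNAL_NETS."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:          # "*" or other placeholders
        return False
    return not any(addr in net for net in INTERNAL_NETS)


def from_user_writable(path):
    """True when the executable path contains a user-writable directory marker."""
    return any(marker.lower() in path.lower() for marker in USER_WRITABLE)


def flag_suspicious(conns, procs):
    """(pid, image, remote) for ESTABLISHED outbound TCP connections to external
    addresses owned by unknown processes or processes in user-writable paths."""
    findings = []
    for c in conns:
        if c.proto != "TCP" or c.state != "ESTABLISHED" or c.pid == 0:
            continue
        if not is_external(c.remote_ip):
            continue
        image = procs.get(c.pid, "<unknown>")
        if image == "<unknown>" or from_user_writable(image):
            findings.append((c.pid, image, f"{c.remote_ip}:{c.remote_port}"))
    return findings


def persistent_connections(earlier, later):
    """Sockets ESTABLISHED in both snapshots. Matching on (pid, local port, remote)
    means the same socket was held open, not merely re-dialled."""
    def established(conns):
        return {(c.pid, c.local_port, f"{c.remote_ip}:{c.remote_port}")
                for c in conns if c.proto == "TCP" and c.state == "ESTABLISHED"}
    return established(earlier) & established(later)


if __name__ == "__main__":
    first, second = parse_netstat(SAMPLE_NETSTAT), parse_netstat(SAMPLE_NETSTAT_LATER)
    for pid, image, remote in flag_suspicious(first, SAMPLE_PROCS):
        print(f"suspicious: pid {pid} ({image}) -> {remote}")
    for pid, lport, remote in persistent_connections(first, second):
        print(f"held open between snapshots: pid {pid} local port {lport} -> {remote}")
```

On the constructed data only the process in the Temp directory is flagged, and only its socket survives between the two snapshots; the browser re-dials on a new local port, so it is not reported as persistent. On a real host the PID-to-path table would come from a process listing taken alongside the netstat snapshot.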
 
“The leverage of the Microsoft name, the inclusion of an apparent PGP signature block - frequently used by security professionals - and the routine nature in which users are accustomed to applying software updates make for a dangerous and potentially effective combination of social engineering techniques in this particular attack,” said Stephen Pao, vice president of product management for Barracuda Networks. “Unsuspecting users without the proper virus protections in place could mistakenly install the malware. Based on the volume of real-time blocks reported by the Barracuda Real-Time Protection system in the outbreak’s early stages, we know the attack hit a significant global footprint.”

Jessica Kostek is a channel editor for TMCnet, covering VoIP, CRM, call center and wireless technologies. To read more of Jessica’s articles, please visit her columnist page.

Edited by Jessica Kostek
