Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

Trend backs down on MS Trojan claim

Worry of zero day attacks recedes for now.

By John Dunn | Techworld | Published: 12:10, 14 November 2005

Trend Micro has retracted last week’s claim to have discovered a Trojan that could exploit vulnerabilities in the Windows graphics engine.

The claim was highly significant because Microsoft had only patched the critically-rated flaws days earlier. If true, it would have been evidence that malware writers were getting closer to writing a feared “zero day” exploit, where a vulnerability is attacked before its existence has been discovered and a patch issued.

Trend has now admitted that the Troj_emfsploit.A Trojan was mis-analysed by its security team, and the appearance of exploiting the flaws was probably an unfortunate coincidence.

The company had claimed the Trojan could cause explorer.exe - which supports the Windows GUI shell - to crash. Customers that had not yet applied Microsoft’s patch MS05-053 would have been vulnerable.

In fact, it turns out that it can only cause a GUI crash in Windows XP systems prior to the Service Pack 1 (SP1) update of 2002. Windows 2000 systems are vulnerable up to Service Pack 4.

"Given the time we needed to react to this, we didn't analyze it thoroughly. We wanted to do something fast and perhaps we didn't spend sufficient time on it," said Trend chief technologist, Raimund Genes in an interview with a third-party source.

Trend has now removed the explicit claim of an exploit from its website description of the Trojan, and has fallen back on the a generic statement that the Trojan “exhibits behaviour similar to the Enhanced Metafile vulnerability of MS05-053.”

Infection rates for the Trojan are rated as zero across all areas of the world, according to the site.

The affair is not only embarrassing but mildly ironic. Earlier this year, a software update from Trend was said to have caused Windows XP SP2 systems to grind to a halt. The company fielded support calls from nearly 30,000 customers and had to issue a patch to sort the problem.

Only two months before that, the company suffered from a major vulnerability in its own anti-virus software, that affected 30 of its products.

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.