Alongside the latest security bulletin release, Microsoft has also updated its free security tool designed to remove a specific list of malware families.
The latest version of the Malicious Software Removal Tool (MSRT) now detects and cleans infections involving Win32/Lethic, a Trojan horse that connects compromised machines to remote servers and uses them to distribute spam.
However, the software giant warned that spam distribution is only one of the ways in which Lethic can leverage an infected computer; attackers can potentially direct it to perform additional unauthorized actions.
“Variants of Lethic install executable files with varied file names such as ‘shelldm.exe’ or ‘xcllsx.exe’. The malware loads as a process when Windows starts,” revealed Patrick Nolan.
“The trojan establishes a connection to remote servers using varied TCP ports, such as 1430, 8900, 8090 and so on. It communicates with servers with names such as ‘dqglobex.com’, ‘verywellhere.cn’, ‘iamnothere.cn’ among others.”
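To turn the quoted indicators into something that can be run against exported host data, here is an added example (not code from Microsoft or from the original article) that scores process records against the file names, TCP ports and command-and-control host names listed above. The record layout and the sample hosts are constructed for this example; a port match on its own is reported only as low confidence, because 8090 and 8900 are common enough on legitimate proxies and web services to be noisy without a file-name or domain hit.

```python
"""Score host process records against the Win32/Lethic indicators quoted
above.  Added example; the record layout and sample data are constructed
for illustration, not real telemetry or Microsoft's own detection logic."""
import ntpath

# Indicators quoted in the bulletin text.
LETHIC_FILES = {"shelldm.exe", "xcllsx.exe"}
LETHIC_PORTS = {1430, 8900, 8090}
LETHIC_DOMAINS = {"dqglobex.com", "verywellhere.cn", "iamnothere.cn"}


def matches_c2_domain(name):
    """True if name is a quoted C2 domain or a subdomain of one (case-insensitive)."""
    n = name.lower().rstrip(".")
    return any(n == d or n.endswith("." + d) for d in LETHIC_DOMAINS)


def assess_process(proc):
    """Rate one process record {"image": path, "remote": [(host, port), ...]}.

    Returns (confidence, reasons).  A file-name or C2-domain hit is "high";
    a port match alone is only "low" because those ports are not unique to
    Lethic; no hit at all returns (None, []).
    """
    reasons = []
    strong = False
    image = ntpath.basename(proc["image"])  # handles Windows paths on any OS
    if image.lower() in LETHIC_FILES:
        reasons.append(f"image name {image}")
        strong = True
    port_hits = []
    for host, port in proc["remote"]:
        if matches_c2_domain(host):
            reasons.append(f"connection to C2 host {host}")
            strong = True
        if port in LETHIC_PORTS:
            port_hits.append(port)
    if port_hits:
        reasons.append("remote port(s) " + ",".join(str(p) for p in sorted(port_hits)))
    if strong:
        return "high", reasons
    if port_hits:
        return "low", reasons
    return None, reasons


def scan(hosts):
    """Return one finding per suspicious process across all host records."""
    findings = []
    for h in hosts:
        for proc in h["processes"]:
            confidence, reasons = assess_process(proc)
            if confidence:
                findings.append({"host": h["host"], "image": proc["image"],
                                 "confidence": confidence, "reasons": reasons})
    return findings


# Constructed sample: per host, running processes and their remote TCP
# endpoints, as you might export from "netstat -anob" or TCPView.
SAMPLE_HOSTS = [
    {"host": "WS01", "processes": [
        {"image": r"C:\Windows\System32\svchost.exe", "remote": [("10.0.0.5", 445)]},
        {"image": r"C:\Users\bob\AppData\Roaming\shelldm.exe",
         "remote": [("dqglobex.com", 8090)]},
    ]},
    {"host": "WS02", "processes": [  # legitimate proxy on 8090: port-only, low confidence
        {"image": r"C:\Program Files\Proxy\proxy.exe", "remote": [("10.0.0.9", 8090)]},
    ]},
    {"host": "WS03", "processes": [  # renamed dropper still caught via a C2 subdomain
        {"image": r"C:\Windows\Temp\update.exe",
         "remote": [("mail.verywellhere.cn", 1430)]},
    ]},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_HOSTS):
        print(f'{f["host"]}: {f["confidence"]} {f["image"]} ({"; ".join(f["reasons"])})')
```

The domain check deliberately accepts subdomains and a trailing dot, since C2 host names in DNS or proxy logs rarely appear in exactly the form quoted; the WS03 record shows why the file names alone are a weak signal, as the article itself notes that variants use varied names.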
Win32/Lethic was added to MSRT because of the high volume of spam the Trojan sends, as observed by the Redmond company.
Microsoft underlined that statistics gathered by Forefront Online Protection for Exchange (FOPE) are what flagged Lethic as the best candidate for addition to the malware families targeted by the Malicious Software Removal Tool.
“Win32/Lethic is not the biggest botnet in terms of IP addresses, however, it is known for sending many messages into a single envelope,” Nolan added.
A comparison between the spam distribution models of Win32/Rustock and Win32/Lethic shows that the latter packs many recipient addresses into a single message (one SMTP envelope, many recipients), whereas Rustock sends one message per recipient, a 1:1 ratio.
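The difference between the two models is visible in mail-gateway logs as the number of recipients accepted per envelope from each sending address. The following added example (not FOPE's code or anything from the original article) derives that ratio from a constructed log; the log format, the addresses and the classification threshold are all assumptions made for this illustration.

```python
"""Recipients-per-envelope statistics from SMTP gateway logs.  Added example;
the log format and addresses are constructed for illustration and are not
FOPE's or any real MTA's output."""
import re
from collections import defaultdict

# key=value pairs; addresses are kept inside their angle brackets.
FIELD_RE = re.compile(r"(\w+)=(<[^>]*>|\S+)")


def parse_line(line):
    return dict(FIELD_RE.findall(line))


def envelope_stats(log_text):
    """Per sending IP: accepted envelopes and total RCPT TO addresses.

    An envelope is one MAIL FROM ... DATA sequence within a session; the
    RCPT count is reset at each MAIL FROM so sessions that send several
    envelopes in a row are counted correctly.  Rejected DATA does not count.
    """
    stats = defaultdict(lambda: {"envelopes": 0, "recipients": 0})
    pending = defaultdict(int)      # (ip, session) -> RCPTs since last MAIL
    for line in log_text.splitlines():
        f = parse_line(line)
        if "event" not in f:
            continue
        key = (f["ip"], f["session"])
        if f["event"] == "MAIL":
            pending[key] = 0
        elif f["event"] == "RCPT":
            pending[key] += 1
        elif f["event"] == "DATA":
            rcpts = pending.pop(key, 0)
            if f.get("status") == "accepted":
                s = stats[f["ip"]]
                s["envelopes"] += 1
                s["recipients"] += rcpts
    return dict(stats)


def recipients_per_envelope(stats):
    return {ip: s["recipients"] / s["envelopes"]
            for ip, s in stats.items() if s["envelopes"]}


def classify(ratio, threshold=3.0):
    """Threshold is an assumption for this example, not a published figure."""
    return "many-per-envelope" if ratio >= threshold else "one-to-one"


# Constructed log: 192.0.2.10 behaves like Lethic (one envelope, many RCPTs,
# plus one rejected envelope), 198.51.100.7 like Rustock (one RCPT per envelope).
SAMPLE_LOG = """\
ip=192.0.2.10 session=1 event=MAIL from=<promo@example.net>
ip=192.0.2.10 session=1 event=RCPT to=<a@example.com>
ip=192.0.2.10 session=1 event=RCPT to=<b@example.com>
ip=192.0.2.10 session=1 event=RCPT to=<c@example.com>
ip=192.0.2.10 session=1 event=RCPT to=<d@example.com>
ip=192.0.2.10 session=1 event=DATA status=accepted
ip=192.0.2.10 session=1 event=MAIL from=<promo@example.net>
ip=192.0.2.10 session=1 event=RCPT to=<e@example.com>
ip=192.0.2.10 session=1 event=RCPT to=<f@example.com>
ip=192.0.2.10 session=1 event=DATA status=rejected
ip=198.51.100.7 session=2 event=MAIL from=<x@example.org>
ip=198.51.100.7 session=2 event=RCPT to=<a@example.com>
ip=198.51.100.7 session=2 event=DATA status=accepted
ip=198.51.100.7 session=3 event=MAIL from=<y@example.org>
ip=198.51.100.7 session=3 event=RCPT to=<b@example.com>
ip=198.51.100.7 session=3 event=DATA status=accepted
"""

if __name__ == "__main__":
    for ip, ratio in recipients_per_envelope(envelope_stats(SAMPLE_LOG)).items():
        print(f"{ip}: {ratio:.1f} recipients per envelope -> {classify(ratio)}")
```

A high recipients-per-envelope figure is a volume signal, not a verdict: mailing lists and group mail legitimately address many recipients in one envelope, so in practice the ratio is combined with reputation and content checks rather than used alone.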
“You can do more to protect your Internet experience by running a full AV solution, such as Microsoft Security Essentials, for real-time protection,” Nolan advised.
The Microsoft Windows Malicious Software Removal Tool is available for download here.
Microsoft Security Essentials 2.0 is available for download here.