Tuesday, June 15, 2010

Spammed Trojan Won’t Run Under Windows XP

Via WebRoot Blog -

While it is far from the first Trojan ever to simply fail to execute under Windows XP, it definitely caught our eye that a variant of Trojan-Downloader-Tacticlol distributed last week in a spam campaign only fully executed under Windows Vista or newer operating systems. It may have been just a fluke, but repeated tests with both a virtual machine and real hardware running Windows XP at various patch levels showed that the Trojan we received attached to a spam message simply quit when executed in an XP environment, but ran smoothly and did all its planned dirty work on a Windows Vista testbed.


More interesting, though, is the idea that this Trojan, which is so prevalent and widely distributed, may signal the start of a trend where malware authors begin turning away from XP as the dominant operating system they target.


For some time, the conventional wisdom in malware analysis has been that, if you want to do research in a real test environment, it makes sense to use the oldest, most vulnerable, most attacked version of Windows. This development of a Trojan which simply rejects Windows XP as a platform for infection may signal that it’s time for researchers to broaden their horizons and look at these newest, supposedly more secure platforms, more carefully than we may have done in the past.

