Fake Windows patch e-mail leads to Trojan horse attack- It's touting a bogus security update

1 view
Skip to first unread message

Adri

unread,
Jul 6, 2007, 12:21:01 PM7/6/07
to H O N E Y - C O M B
Fake Windows patch e-mail leads to Trojan horse attack
It's touting a bogus security update

Messages insisting that users install a just-released
Microsoft Corp. security update are bogus and actually lead to a site
that plants malicious code on PCs, several security companies warned
today.
The spam, which touts "Microsoft Security Bulletin MS07-0065 --
Critical Update" as its subject and appears to come from
"upd...@microsoft.com," claims users should download a June 18
security patch and provides a link to a URL that looks legit.
"A new 0-day vulnerability has appeared in the wild," the message
reads. "The vulnerability affects machines running MICROSOFT OUTLOOK
and allows an attacker to take full control of the vulnerable computer
if the exploitation process is succesfull [sic]." It goes on to boast
that 100,000 PCs have been hijacked so far by unnamed malware
exploiting the bug.
However, the link takes users to one of several different attack sites
that download a Trojan horse to the machine. "Security bulletins from
Microsoft describing vulnerabilities in their software are a common
occurrence," noted Graham Cluely, a Sophos PLC analyst, in a statement
today. "[But] by using people's real names, the Microsoft logo and
legitimate-sounding wording, the hackers are attempting to fool more
people into stepping blindly into their bear trap."
The SANS Institute's Internet Storm Center and Symantec Corp.'s
DeepSight threat network have also issued alerts on the fraudulent
messages.
Playing the legitimacy card is an important "scam-spammer" technique,
James Blascovich, a professor of psychology at the University of
California, Santa Barbara, said yesterday in a just-released paper on
the mind games attackers play to persuade people that it's safe to
open suspicious e-mail. The fake security alert, for example, refers
to "Genuine Microsoft Software," a phrase the company itself heavily
promotes; uses the recipient's first name in the body of the message;
and includes a purported product registration key.
Alert users, however, will be immediately suspicious of the message --
and not just because of the typical-for-spam misspellings -- but
because it labeled the update "MS07-0065." So far this year, Microsoft
has only reached MS07-035 in its numbering system.

<Adri>

Reply all
Reply to author
Forward
0 new messages