
Trojan Spammed in Fake Security Bulletin

By June 27, 2007


A TrojanDownloader was mass-seeded (spammed) in an email masquerading as a Microsoft Security Bulletin. The bogus email reads in part:

You are receiving this message because you are using Genuine Microsoft Software and your e-mail address has been subscribed to the Microsoft Windows Update mailing list.

A new 0-day vulnerability has appeared in the wild and was reported for the first time Monday, June 18th. The vulnerability affects machines running MICROSOFT OUTLOOK and allows an attacker to take full control of the vulnerable computer if the exploitation process is succesfull.

Since then, more than 100,000 machines have been reported as exploited and used to promote spammy pharmacy products such as viagra and cialis.

If the bad grammar and misspellings are not indication enough, the improbability of Microsoft using a phrase like "spammy pharmacy products" should help tip off most that the email is bogus. But it's the next part that's just downright funny:

It's urgent to download and install the update as soon as possible in order to decrease the number of succesfull attacks that occure each day. The update is only available for Genuine Versions of Microsoft Outllok.

Outllok? :-)

Now the email might be funny, but the link it contains isn't. It points to a Trojan detected by Microsoft as TrojanDownloader:Win32/Agent!D265 (no, they don't let me name these things). The Trojan's mission is to seat itself on the system, then download and run additional malicious files. It's worth noting that Microsoft doesn't send out links to executable files, nor do they include links to downloads in their security bulletins.
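
The point in that last sentence can be turned into a simple mail-filter heuristic: a message that claims to be a Microsoft security bulletin but links to an executable file is suspect. The following is an added example, not part of the original article; the extension list, function names, and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlparse

# Assumed list of Windows-executable extensions; tune for your environment.
EXEC_EXT = (".exe", ".scr", ".pif", ".bat", ".cmd", ".msi", ".vbs")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
CLAIM_RE = re.compile(r"microsoft.*security\s+(bulletin|update)", re.I)

def executable_links(raw):
    """Return URLs in text parts whose path ends in an executable extension."""
    msg = message_from_string(raw, policy=default)
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        for url in URL_RE.findall(part.get_content()):
            url = url.rstrip(".,)")  # drop trailing sentence punctuation
            if urlparse(url).path.lower().endswith(EXEC_EXT):
                hits.append(url)
    return hits

def is_fake_bulletin(raw):
    """True when mail claims to be a Microsoft bulletin yet links to an executable."""
    subject = str(message_from_string(raw, policy=default).get("Subject", ""))
    return bool(CLAIM_RE.search(subject)) and bool(executable_links(raw))

# Constructed sample messages (hosts under .test are placeholders).
BOGUS = (
    "From: update@example.test\n"
    "Subject: Microsoft Security Bulletin: urgent Outlook update\n"
    "\n"
    "Download the update: http://update.example.test/patch/outlook-update.exe.\n"
)
BENIGN = (
    "From: bulletins@example.test\n"
    "Subject: Microsoft Security Bulletin Summary\n"
    "\n"
    "Read the summary at https://bulletins.example.test/summary.html\n"
)

if __name__ == "__main__":
    for name, raw in (("bogus", BOGUS), ("benign", BENIGN)):
        print(name, is_fake_bulletin(raw), executable_links(raw))
```

The check looks only at the URL path, so it will not catch a download hidden behind a redirect or a page that serves the file; treat it as one signal alongside sender authentication results.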


©2014 About.com. All rights reserved.