Trojan Spammed as Microsoft Security Update
Tuesday October 14, 2008
There's a new Trojan being spammed in email disguised as a Microsoft security update. The email has the subject line "Security Update for OS Microsoft Windows" and carries a malicious attachment touted as an "experimental private version of an update for all Microsoft Windows OS users". Instead of a security patch, those who open the attachment will infect their system with a variant of Haxdoor, a backdoor Trojan which uses rootkit technology to hide its presence. In the past, Haxdoor has also been distributed as a greeting card.
Disguising malware as a security update isn't a new trick - the Dumaru worm used the same technique back in August 2003 as did the Gibe worm in March 2002. It's important to remember that Microsoft does not deliver security updates via email attachment - any email attachment claiming to be a Microsoft security update should be considered malicious and the email should be promptly deleted.
Graham Cluley of Sophos has published the text of the most recent security update scam on his blog.
Thanks for the research! I got the Security Update for OS Microsoft Windows today. Actually I recieved it Sunday, but just opened it today; however, I didn’t click on the attachment which was oddly named, ‘Norton Antivirus Deleted Attachment1.txt (190kb).
I googled the subject line and found your site. Thanks again.
Michelle
Thanks for the research! I got the Security Update for OS Microsoft Windows today.