Wiretapp has reported the discovery of malicious email that tries to take advantage of the .LNK exploit news by claiming to be a Microsoft security patch for the vulnerability. It's not a very clever trick and the email is so poorly worded, it's hopeful that few would fall for the ruse. Those that do won't be getting a Microsoft security patch as the email alleges; instead they'll be infecting their systems with a variant of the Zeus trojan.
The malicious email reads as follows:
Hello, we are writing to you about a new Microsoft security advisory issue for Windows.
There is a new potentially dangerous software-worm, attacking Windows users
through an old bug when executing .ICO files. Although this is quite an old
way of infecting software, which first was used in 1982 with Elk Cloner
worm, the new technique the new worm is using is more complicated, thus the
speed and number of attacs has strongly increased.Since you are the special Microsoft Windows user, there is a new patch
attached to this e-mail, which eliminates the possibility of having you
software infected.
The email then tells recipients to open the email's attached zip file using the password "security" and copy the enclosed "lol.dll" to the root of drive C:/. Detection by antivirus vendors is fairly low, as seen in this VirusTotal report. Remember: Microsoft never sends security patches by email; any claims that an attached file is a Microsoft patch will be patently false.
That’s really kind of amusing. 1982 Elk Cloner…haha!
If these idiots every get a decent command of the English (well American) language, we could be in a lot more trouble!