Spam Offers Fake Microsoft Update
Websense has discovered a large volume of spam emails that use a reliable social engineering ploy to trick users into downloading what purports to be a critical security patch from Microsoft. The message warns users that a certain security problem could affect their Windows computer, so they need to click on a link that will take them to a Web page for the download. But the link actually creates a redirect that leads to a legitimate shopping site, from which users are forwarded to a malware-serving URL displaying a pop-up that instructs them to click "yes" to begin the download.
According to Dan Hubbard, CTO at Websense, the attack is a deception that tries to make the download appear to be a Microsoft update that the user needs to act on, rather than exploit code that infects the user even without opting for the download, as reported by SCMagazineus on July 2, 2008.
Once the malware is downloaded, a backdoor is installed on the user's computer, giving the hackers an opportunity to exploit it. An interesting part of the spam is that the original domain name root leads the user to the Secret Service Website.
Hubbard explained that Websense believed the spammers were playing this trick because certain security products look only for highly reputed domain names and not the complete domain name. In the current case, the security system looked only for the Secret Service and so it permitted the spam to pass.
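The weakness Hubbard describes, shown as an added example that is not from Websense or the original article: a filter that only looks for a reputed name somewhere in a link, next to one that evaluates the complete hostname. The allowlist entry `agency.example`, the sample links and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist of "reputed" domains (assumption, not from the article).
REPUTED = {"agency.example"}

# Constructed sample links, as a mail filter might extract them from a message.
SAMPLE_LINKS = [
    "http://agency.example/updates",
    "http://www.agency.example/advisory",
    "http://agency.example.downloads.test/patch",
    "http://shop.test/go?ref=agency.example",
    "http://agency.example@shop.test/patch",
]

def naive_is_reputed(url):
    """Weak check: passes if a reputed name appears anywhere in the URL."""
    return any(name in url.lower() for name in REPUTED)

def full_host(url):
    """Return the complete hostname the client would actually connect to."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()

def strict_is_reputed(url):
    """Passes only if the complete hostname is a reputed domain or a subdomain of one."""
    if urlsplit(url).scheme not in ("http", "https"):
        return False
    host = full_host(url)
    return any(host == name or host.endswith("." + name) for name in REPUTED)

def disagreements(urls):
    """Links the weak check lets through but the full-hostname check rejects."""
    return [u for u in urls if naive_is_reputed(u) and not strict_is_reputed(u)]

if __name__ == "__main__":
    for url in SAMPLE_LINKS:
        print(f"{url:45} naive={naive_is_reputed(url)} "
              f"strict={strict_is_reputed(url)} host={full_host(url)}")
```

A link that passes the full-hostname check can still redirect elsewhere, as the article describes, so the same check has to be applied to every hop of a redirect chain.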
However, Hubbard added that the spam could be easily spotted, as Microsoft does not send e-mail notifying users about patches or updates. According to Websense, it is vital to point out that Microsoft does not send notifications about security updates via e-mail. Websense Web Security and Websense Messaging customers are safe from this attack, the company said.
Vice-president and Eminent Analyst Avivah Litan of Gartner added that the spam proved just how smart the con people were getting, as reported by SCMagazineus on July 2, 2008. The spammers were trying to determine how they could elude filtering systems, another instance that called for stronger authorization on the Internet, Litan further added.
» SPAMfighter News - 22-07-2008