Bogus Microsoft Update Notice Plants Trojan
Security firm PandaLabs has uncovered a malicious e-mail scheme that uses a fake Microsoft Update notice to deceive end users and trick them into installing a Trojan.
Pretending to be from Microsoft Support, the e-mail displays an authentic-looking subject line. Moreover, the text of the e-mail tries to take advantage of the constant, and correct, advice that users must keep their PCs up to date with security patches.
The e-mail tells the recipient about a crucial update that must be installed as soon as possible. It then provides details of the update along with installation instructions.
Experts at the security firm noted that the spam attack uses a very refined social engineering tactic.
However, although the e-mail contains no grammatical errors or spelling mistakes, it does carry a few hints that clearly mark it as spam.
First and foremost, neither Microsoft nor any other software firm will ever send security updates or patches as e-mail attachments. Users who do not regularly follow Patch Tuesday, however, may not notice the hints, and so may miss a second chance to recognize a spoofed message.
According to the firm, the current spam e-mail carries the alleged security update inside a zip file. When the user executes it, however, it downloads and installs the Bredolab Trojan.
At the same time, the attached file also downloads Security Tool, which is in fact a rogue anti-virus (AV) program. This fake AV deliberately and misleadingly reports security threats on the victim's computer and displays bogus security notifications and alerts that could make users think their system is infected with malware. The deceptive software belongs to the same group of applications as System Security and Total Security 2009.
PandaLabs further notes that the new malicious e-mail campaign comes only a few days after the security company alerted users to Bredolab spreading across the Internet under the pretext of an e-card.
Finally, the PandaLabs researchers once again remind users to avoid clicking on Web links that arrive in unsolicited e-mails, as they could lead to viruses, worms, or other malware.
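The tell described above, that vendors do not ship updates as e-mail attachments, can be checked mechanically at a mail gateway. The following is an added example, not PandaLabs' detection logic; the keyword lists, extension list, addresses and file name are assumptions constructed for illustration.

```python
from email.message import EmailMessage

# Assumed heuristics for illustration only, not PandaLabs' detection logic.
VENDOR_WORDS = ("microsoft",)
UPDATE_WORDS = ("update", "patch", "security")
RISKY_EXT = (".zip", ".exe", ".scr", ".rar", ".7z", ".cab", ".msi")


def risky_attachments(msg):
    """Return filenames of attachments with archive or executable extensions."""
    names = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            names.append(name)
    return names


def looks_like_fake_update(msg):
    """True when a mail claims to be a vendor update AND carries a risky attachment."""
    header_text = f"{msg.get('From', '')} {msg.get('Subject', '')}".lower()
    claims_vendor = any(w in header_text for w in VENDOR_WORDS)
    claims_update = any(w in header_text for w in UPDATE_WORDS)
    return claims_vendor and claims_update and bool(risky_attachments(msg))


def build_sample(with_attachment):
    """Constructed sample message; addresses and file name are made up."""
    msg = EmailMessage()
    msg["From"] = "Microsoft Support <support@example.invalid>"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Critical security update"
    msg.set_content("Please install the attached update as soon as possible.")
    if with_attachment:
        # Placeholder bytes (an empty zip end-of-directory record), not a real payload.
        msg.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                           subtype="zip", filename="update.zip")
    return msg


if __name__ == "__main__":
    for attached in (True, False):
        print(attached, looks_like_fake_update(build_sample(attached)))
```

The display name and subject alone are not flagged; it is the combination with an archive or executable attachment that marks the message.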
» SPAMfighter News - 11-02-2010