Misery Underlying Fake Patch Tuesday by Microsoft
Timed to coincide with Microsoft's "Patch Tuesday" release, a low-volume threat is circulating disguised as a Microsoft update. The attack lures unsuspecting users into clicking a link in the e-mail message. The malicious software then infects the user's machine, Websense reported on May 09, 2011.
The fake patch is hosted on a compromised system and has a detection rate of only 11%, as reported by Websense.
The e-mail messages appear quite legitimate because the display names in the headers indicate that they originate from Microsoft Canada. The subject line adds a sense of urgency: "Critical Security Update".
The e-mail content is written in both English and French, which indicates the creativity and pains taken to target a large audience. Installing the fake patch infects the compromised machine with a Zeus Trojan variant. The Trojan variant has its command and control server at visitortracker.
Under the pretext of the latest patch release, a low-volume spam run is thought to have been initiated, with messages holding a link to a Zeus Trojan variant that merely appears to be an update.
The man behind the campaign seems to have chosen the timing deliberately: Microsoft generally releases its monthly updates and fixes on Tuesday, and this day was targeted for releasing the malicious software. Microsoft said that only two programs would receive updates in this patch cycle.
Microsoft is set to patch two undisclosed vulnerabilities through this "Patch Tuesday". The two updates include a critical update that could affect MS Windows and an important update that could affect MS Office. However, the team has decided to issue the security update via e-mail, as reported by SecurityNewsDaily on May 10, 2011.
Nonetheless, it is not yet known why users' suspicions are not raised and why they are not prompted to take the necessary precautions.
» SPAMfighter News - 16-05-2011