AppRiver Detects Fresh Malware Scam
According to investigators at security firm AppRiver, fake e-mails in bulk are circulating online as they disseminate malicious software.
Reportedly, the spam attack started on May 6, 2011 before the routine Patch Tuesday scheme of Microsoft for the month and it's still circulating.
The e-mails, which pose as communication from Microsoft Canada, have the caption, "URGENT: Critical Security Update" as well as address the recipient (Microsoft Customer).
Thereafter, they state that a given Security Update will help stop ill-intentioned users from gaining entry into the recipient's PC. Moreover, the update is designed for Microsoft Windows 7, XP, 2000 and 98, the e-mails claim.
Additionally, the e-mails assert that users running Windows 2000 and 98 that Microsoft doesn't support anymore too can apply the Update, while Windows Vista is totally off the list.
Paradoxically, while the fake electronic mails say that the update won't let ill-intentioned users from acquiring admission into the user's PC, it actually does simply the opposite. For, the attachment produces the notorious Zeus Trojan.
Furthermore, the e-mails attempt at appearing genuine, so they state that because distributing the said Update via Microsoft's authorized website has led to successful development of malware, the software company has felt the Update should be distributed through e-mail.
Worryingly, spammers have used this socially-engineered trick earlier too; however, the trick can still sufficiently dupe recipients of the e-mail.
Examining closely, one will find that the construction of the scam isn't quite well. The spellings used in the message body is poor, while English-speaking users will instantly understand that Microsoft hasn't crafted the particular e-mail, emphasize the investigators at AppRiver.
Security researchers remark, users must remember that they shouldn't view attachments within an e-mail from an unfamiliar source. But, as the attachment in the present instance seemingly arrives from a trustworthy party such as Microsoft, an issue becomes apparent though dispatching an unwanted file attached inside an e-mail isn't ever the work of legitimate companies. Thus, incase any user gets this kind of seemingly genuine e-mail he should visit the company's site directly and download the update from there. Appriver.com published this on May 11, 2011.
Related article: AppRiver Reports Security Trends for November 2008
» SPAMfighter News - 20-05-2011