Windows Patch Deceives by Spreading Trojan
Security firm Websense has alerted Windows users to be wary of a false
e-mail message that persists users to install a Windows vulnerability
patch to be obtained from Microsoft Security MS05-039.
This e-mail invokes a fear in the user that his system might be attacked
and so makes him to install the fake patch. This actually leads to a
malware infection, says Joel Camissar of Websense. Also, hackers are
capitalizing on fear created in the market place. Despite the harm it does
people are installing the patch. And people are being doubly victimized
because they want to protect their system from all these troubles by using
the patch. Spam mail disguises under the name of an original patch that
was launched by Microsoft in early August to mend a flaw.
The e-mail refers to a "plug and play" loophole in the Windows Systems
that must be corrected by installing the security patch. The e-mail uses
the same number as the original patch, however, the web site it relates to
and the program it downloads are different. Once the user visits the
website and downloads the code, his computer gets infected with Trojan
horse, which can cause passwords theft.
Camissar added that the so-called patch creators get details about the
type of vulnerability and use it to exploit fear of PC owners that their
systems could be attacked.
Taking advantage of this fear somebody sent a spam message that fakes to
be a formal letter between the sender and the recipient but actually
spreads malware. The spammer poses to be a former employee of a company
who found the recipient's e-mail id from the company's recipient list.
Some portion of the spam mail says that assuming that (the receiver of the
mail) is connected to the company he would be able to help him (the sender
of the mail) who performed his duties responsibly and is willing to join
the company again. He sends an attachment, which has details of payments
received, fed ware, and properties.
When the attachment is opened the executable file au.exe infects user's PC
with 'Haxdoor' backdoor Trojan.
Related article: Windows XP Fault Strike Firewall
ยป SPAMfighter News - 9/11/2006