
Counterfeit Microsoft Security Bulletins Install Malware

As Tuesday (June 5, 2007), the day Microsoft Corp. would release its monthly patch, approached, scammers started circulating e-mails carrying counterfeit security bulletins in an attempt to install malicious code on victims' computers.

The e-mails discuss a "Cumulative Security Update for Internet Explorer" that they say patches a serious hole in the browser, and they provide a link named "Download this update". The link is malicious: clicking it redirects the user to a malicious server that installs malware dubbed Trojan-Downloader.W32.Agent.avk.

Once this deception has put the Trojan on the victim's computer, more damage follows. The Trojan downloads additional malware and harmful software onto the affected PC. It also tries to reach other PCs via the Internet and install malicious software on them as well.

On the night of Thursday, June 7, 2007, the SANS Internet Storm Center received its only report about the scam. Elsewhere, however, the Chinese Internet Security Response Team blog posted a report of a second specimen.

The two reported e-mail samples carried some obvious errors that technically savvy users could detect. For instance, although the Zeltser patch claimed a June 2007 release, it was tagged MS06-4 rather than the more reasonable MS07-004.

When software giant Microsoft issues security bulletins, it does send out notification e-mails, but the links in them lead users only to the bulletins, not to executable files.
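The two tells described above (a bulletin number that does not fit the claimed release date, and a download link that leads to an executable instead of a bulletin) can be checked mechanically. The following Python sketch is an added example, not part of the original article; the sample message, the `example.test` host names and the extension list are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: file extensions treated as directly executable downloads.
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".msi")
# Matches any MSyy-n token; the article's well-formed shape is MSyy-nnn (MS07-004).
BULLETIN_RE = re.compile(r"\bMS(\d{2})-(\d{1,4})\b", re.I)

class LinkCollector(HTMLParser):
    """Collects href values from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def check_bulletin_mail(raw):
    """Return a list of findings for one raw (single-part) e-mail."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sent_year = parsedate_to_datetime(msg["Date"]).year % 100 if msg["Date"] else None
    findings = []
    for m in BULLETIN_RE.finditer(body):
        year, number = m.groups()
        if len(number) != 3:
            findings.append(f"malformed bulletin id {m.group(0)}")
        if sent_year is not None and int(year) != sent_year:
            findings.append(f"bulletin year {year} != send year {sent_year:02d}")
    collector = LinkCollector()
    collector.feed(body)
    for url in collector.links:
        if urlparse(url).path.lower().endswith(EXECUTABLE_EXT):
            findings.append(f"link leads to executable: {url}")
    return findings

# Constructed sample modelled on the e-mail the article describes.
SAMPLE = """\
From: "Security Bulletins" <bulletins@example.test>
Subject: Cumulative Security Update for Internet Explorer
Date: Thu, 07 Jun 2007 20:15:00 -0400
Content-Type: text/html

<p>Security Bulletin MS06-4: Cumulative Security Update for Internet Explorer</p>
<a href="http://downloads.example.test/ie/update.exe">Download this update</a>
"""

if __name__ == "__main__":
    for finding in check_bulletin_mail(SAMPLE):
        print(finding)
```

These checks only catch the mistakes seen in the reported samples; a message that passes them is not thereby shown to be genuine.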

The scams would succeed by fooling just a small number of victims, said Lenny Zeltser, security practice leader at Gemini Systems in New York. PC World published Zeltser's statement on June 11, 2007. One may wonder whether it really matters that the fake security notification e-mails are written in a way that does not tally with the actual ones, because people who would be able to spot them would probably not follow the link anyway, Zeltser added.

Zeltser is sure that the criminals pushing the scam are preparing for more dangerous activity. The Trojan searches for three separate servers, two of which are linked to domains that are as yet unregistered. Zeltser speculates that the scam's authors might be planning to register those domains before launching a bigger campaign.


» SPAMfighter News - 21-06-2007
