E-Mail Promoting Fake Security Update Directs to Trojan Bearing URL
Bogus e-mails that are making rounds on the Internet while insisting that recipients download a security update fresh from Microsoft Corp., actually direct them to a site that injects malicious code onto their PCs, warned several security companies on June 27, 2007, as reported by Computerworld.com.
The spam mail uses a subject title - "Microsoft Security Bulletin MS07-0065 Critical Update" that seems to arrive from email@example.com. It claims that users should install a security patch of June 18 and also provides a link to an apparently legitimate URL.
The message says that there is a zero-day vulnerability in the wild, which corrupts computers running Microsoft Outlook and lets the attacker, who succeeds in the exploitation process, to completely commandeer the affected computers. The email further says that by exploiting the bug an unknown malware has so far hijacked 100,000 PCs.
However, the e-mail link leads the users to just another malicious site that plants a Trojan horse onto their systems.
The arrival of Microsoft's security bulletins that describe vulnerabilities in the company's software is commonplace, noted Graham Cluley, senior technology consultant for Sophos. But hackers often use people's actual names, a Microsoft logo and true sounding words to fool many people and trap them in their tactics, he said, and Bink.nu published it on June 28, 2007.
The false security alert uses a phrase "Genuine Microsoft Software" that the company itself promotes, addresses the recipient with his first name, and includes a phony product registration key.
Making the e-mail sound legitimate is an important technique for the scammer, said James Blascovich, a professor of psychology at the University of California, Santa Barbara on June 26, 2007, as published by Arnnet.com.
The SANS Institute's Internet Storm Center and Symantec Corp's DeepSight threat network have also released alert notices on the fake messages.
Wary users could easily find the spam mail suspicious not just for the typical spam spellings in it but also because it refers the update as "MS07-0065", a numbering that Microsoft has not reached so far in this year. Microsoft has labeled its last update as MS07-035, as per the news reported by Computerworld.com on June 27, 2007.
Related article: E-Crime Reporting Format To Be Launched in July
» SPAMfighter News - 07-07-2007