New Malware Campaign Exploits Microsoft Security Updates

Internet security vendor Sophos has warned Internet users about a new malware campaign masquerading as a security patch for different versions of Windows.

The fake e-mail appears to have come from Steve Lipner, Microsoft Director of Security Assurance. The e-mail claims that it is to inform Microsoft customers about the security update which is available on Microsoft's websites but security experts have warned that it will lead to the creation of malicious software.

The text of e-mail states - Microsoft has recently released a security patch for OS Microsoft Windows. The patch is applicable to the following OS versions - Microsoft Windows 7, Microsoft Windows 2000, Microsoft Windows Vista, Microsoft Windows Millenium and Microsoft Windows XP.

The e-mail scares the users by stating that the security patch is highly critical and therefore Microsoft recommends all users that they should immediately install it. In addition, the e-mail embodies step by step instructions to install security patch.

A direct link is attached to the e-mail to take users to an executable file called Windows-KBxxxxx-ENU.exe, which put the malware alarm bell off. According to Vanja Svajcer, Principal Virus Researcher at SophosLabs, the executable file is Delphi packed with the help of custom packer. However, when the user tries to execute it on the system, it causes error and shows signs of malformation, as reported by ITWire on December 7, 2009.

Sophos AV software easily detected the malicious file as EncPK-LL and thus, Svajcer stopped his analysis.

Security experts have acknowledged that it is a malware campaign because Microsoft security update e-mails don't contain links to an executable file or have executable in attachment form.

Sophos security experts have stated that all major security companies use e-mail as a medium to inform people about security updates, but it can't be ruled out that e-mail is commonly used by cyber criminals to launch chains of infection attacks.

Moreover, it has been cleared that cyber criminals deliberately launch malware campaign at a time when it coincides with Microsoft Security Bulletin Advance Notification, said the security experts. Thus, it becomes even more important to be careful of links that leads to executable files. Notable thing about the scam is that it hit Internet at a time when Microsoft is going to release patches for the month of December.

Related article: New Zealand Releases Code To Reduce Spam

» SPAMfighter News - 12/15/2009