Fake Windows security alert loads a Trojan

But you shall know them by their poor spelling...

By Gregg Keizer, Computerworld | Computerworld UK
Published: 06:39 GMT, 28 June 07

Messages insisting that users install a just-released Microsoft security update are bogus and actually lead to a site that plants malicious code on PCs, several security companies have warned.

The spam, which touts "Microsoft Security Bulletin MS07-0065 -- Critical Update" as its subject and appears to come from "update@microsoft.com," claims users should download a June 18 security patch and provides a link to a URL that looks legit.

"A new 0-day vulnerability has appeared in the wild," the message reads. "The vulnerability affects machines running MICROSOFT OUTLOOK and allows an attacker to take full control of the vulnerable computer if the exploitation process is succesfull [sic]." It goes on to boast that 100,000 PCs have been hijacked so far by unnamed malware exploiting the bug.

However, the link takes users to one of several different attack sites that download a Trojan horse to the machine. "Security bulletins from Microsoft describing vulnerabilities in their software are a common occurrence," noted Sophos analyst Graham Cluley in a statement today. "[But] by using people's real names, the Microsoft logo and legitimate-sounding wording, the hackers are attempting to fool more people into stepping blindly into their bear trap."

The SANS Institute's Internet Storm Center and Symantec's DeepSight threat network have also issued alerts on the fraudulent messages.

Playing the legitimacy card is an important "scam-spammer" technique, James Blascovich, a professor of psychology at the University of California, Santa Barbara, said yesterday in a just-released paper on the mind games attackers play to persuade people that it's safe to open suspicious e-mail. The fake security alert, for example, refers to "Genuine Microsoft Software," a phrase the company itself heavily promotes; uses the recipient's first name in the body of the message; and includes a purported product registration key.

Alert users, however, will be immediately suspicious of the message - and not just because of the typical-for-spam misspellings - but because it labeled the update "MS07-0065." So far this year, Microsoft has only reached MS07-035 in its numbering system.

What are your views on this subject? Use the form below to post a comment on this article up to 500 characters.

Characters remaining: 500

Add your commentComments

Peter Coppola | Published: 00:19 GMT, 15 September 2008

Why doesn't MS windows put out a fix to delete the Security Center Alert Virus

Zee | Published: 10:05 GMT, 05 December 2007

How does you get rid of it?

Related Security news

Pwn2Own sponsor betting on Internet Explorer, iPhone

White hats will take down Microsoft browser

19 March 2010

Weak states leave EU open to cyberattack

But UK is well defended

Estonia defence minister: Cyberattacks will grow

Three years after attacks, cyber war is on the global political agenda

Google, Facebook criticised by US communications regulator

Step up to protect privacy, says FTC commissioner

Related Security reviews

Kingston DataTraveler Locker+ review

Comodo Firewall review

TrueCrypt review

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Email archiving: Top 10 myths and challenges

This survey looks at a number of challenges and myths around email archiving that may also slow adoption of full archiving.

Download Whitepaper

Strategic mobile deployments

Deploying mobile applications? Supporting multiple devices? See why mobile platforms should be part of your IT strategy.

Download Whitepaper

Creating an AUP: Common myths & mistakes

Avoid the common myths & mistakes when implementing your AUP

Download Whitepaper

Legal risks of uncontrolled email and web use

Exploring the challenges facing IT Mangers today and vital steps to ensure safe internet an email use by employees.

Download Whitepaper

Techworld UK - Technology - Business

COLT White Paper

Virtualisation 2.0
Driving to higher ground beyond the basics

Virtualisation can deliver unparalleled efficiency and cost reductions to your business, allowing direct access to servers and guaranteeing a dependable, rapid response in times of crisis. Read this e-book to learn more about consolidation, discover the latest technologies and find out how to reduce the TCO of virtualisation.

Download E-Book
COLT White Paper

IT Misuse Survey

Complete this survey and you could win a Nexus One

Techworld are running a short survey to discover how UK businesses are managing Internet and email misuse in the Enterprise.

Complete Survey

Webcast: IT Financial Management: Cost Optimisation for Efficiency and Agility.
On Demand Webcast
Join this webcast to learn about the techniques and technologies that can help you prove the value of IT to the business by understanding the true cost of today's IT services and those that will be necessary to deliver future success.

Register Today

Site Map

IDG Network

* *