Malware writers spoof Patch Tuesday

[i]Spam contains fake update…[/i]

A new malware attack is taking advantage of Microsoft’s upcoming monthly patch release. The spam messages attempt to portray the sender as Microsoft security assurance director Steve Lipner and warn the user of a recently-released patch for several versions of Windows that is being distributed as “an experimental private version of an update for all Microsoft Windows OS users.” “Please notice, that present update applies to high-priority updates category,” reads the message. “In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.”

Attached to the message is an executable file which harbours a Trojan application that infects the user’s system with malware. In addition to its shoddy English, the fake e-mail can be spotted for its listing of several versions of Windows which are no longer supported, including Windows 98 and Windows Millenium Edition.

McAfee security research and communications director David Marcus told vnunet.com that the attacks are nothing new. “Is it something that’s a brand new vector? No. But you have to give them kudos for their timing,” said Marcus. “The chance that it is going to be effective is certainly going to be a lot higher.”

Microsoft has yet to release the monthly update, and the company never sends out security updates as e-mail attachments. Users will be able to receive the update on Tuesday through the Microsoft Update and Windows Software Update Services components.

Network administrators can also protect against the attack by setting email servers to filter out .exe attachments.


I got this email yesterday, my AV spotted it straight away, didn’t even bother reading it.