TrendMicro and Microsoft are warning about a new cycle of malicious spam that started around the time Microsoft announced its security updates for October. The e-mail includes an attachment and advises the customer to apply the patch. The mail even goes so far as to sign Steve Lipner’s name and attempts to forge the MSRC’s PGP signature.
The e-mail subject, "Security Update for OS Microsoft Windows," has been tried before. This is not the first case of spam attempting to trick users into installing rogue Microsoft updates. The attachment in this particular case is an EXE file which always starts with KB and includes six random numbers. Several AV vendors are now detecting the rogue update and tagging it with various names.
However, it is the first to go so far as to forge a PGP key, and to use a legitimate name from Microsoft. The e-mail is 'signed' with the name of Steve Lipner, who is the current senior director of security engineering strategy in Microsoft’s Trustworthy Computing Group.
"Dear Microsoft Customer," the e-mail starts, "Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.
"Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update."
In the e-mail sample above, quoted exactly from samples in The Tech Herald lab, there should be all sorts of red flags raised, the least of which is the poor grammar used by the e-mail's author. The list of software also includes products no longer supported by the Redmond-based giant, and, if you use PGP, the signature is invalid.
Just in case a user installs the patch and nothing happens, the e-mail explains that: "probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished. We apologize for any inconvenience this back order may be causing you."
Microsoft has issued a warning about the e-mails, in which it reminds users that it never sends updates using this method of communication. All Microsoft-related updates come directly from Windows Update or Microsoft Update.
"Computer users need to learn that Microsoft never sends out security updates as email attachments, and that they should always visit the genuine Microsoft website, or use automatic updating processes, to keep their systems current," said Graham Cluley, senior technology consultant at Sophos.
"By timing their attack to coincide with Microsoft's genuine monthly patch cycle, the spammers are hoping to trick more unwary computer users who might be awaiting the update, keen to defend themselves against future cyber attacks," he added. "However, falling for this scam will do precisely the opposite and could result in identity theft or financial losses."
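As an added example, not part of the original article or any vendor's tooling, the following mail-triage sketch checks a message for the indicators described above: the campaign subject line, an EXE attachment named KB plus six digits, any other executable attachment, and an inline PGP block that has not been verified. The function names, the extension list, the reading of "six random numbers" as six digits, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Indicators taken from the article; names and finding labels are assumptions.
CAMPAIGN_SUBJECT = "security update for os microsoft windows"
KB_EXE = re.compile(r"^KB\d{6}\.exe$", re.IGNORECASE)   # "KB" + six digits (assumed)
EXECUTABLE = re.compile(r"\.(exe|scr|com|pif|bat|cmd)$", re.IGNORECASE)

def triage(raw_message: str) -> list[str]:
    """Return the fake-update indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    # Collapse folded whitespace so a wrapped Subject header still matches.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if CAMPAIGN_SUBJECT in subject:
        findings.append("subject-matches-campaign")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        if KB_EXE.match(name):
            findings.append(f"kb-named-exe:{name}")
        elif EXECUTABLE.search(name):
            # Microsoft never ships updates as attachments, so any executable counts.
            findings.append(f"executable-attachment:{name}")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if "-----BEGIN PGP SIGNATURE-----" in text:
        # A signature block proves nothing until verified against the real key.
        findings.append("inline-pgp-block-unverified")
    return findings

def build_sample() -> str:
    """Constructed sample message; the attachment bytes are a harmless placeholder."""
    m = EmailMessage()
    m["Subject"] = "Security Update for OS Microsoft Windows"
    m["From"] = "sender@example.invalid"
    m.set_content("Dear Microsoft Customer,\n-----BEGIN PGP SIGNATURE-----\n"
                  "(constructed)\n-----END PGP SIGNATURE-----\n")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename="KB123456.exe")
    return m.as_string()

if __name__ == "__main__":
    print(triage(build_sample()))
```

A gateway or mailbox rule built on this would treat any single finding as grounds for quarantine, since the attachment name changes from message to message.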