Fake Microsoft Patch Email Campaigns Install Malware
Researchers from Computer Associates and Sophos are reporting on three currently active malware campaigns using fake Microsoft patch themes as a social engineering tactic to spread over email.
The first one is spreading as an “Important Windows XP/Vista Security Update” and is offering a bogus Conficker removal tool, the second is using an “Outlook re-configuration” — also spammed earlier this month — and the third one is using an out-of-the-band “Update for Microsoft Outlook / Outlook Express (KB910721)” theme, which in reality is nothing else but a trojan.
The fake Conficker removal tool campaign has been active for over a week now, with Symantec pointing that not only are the authors unable to make the difference between Troj/Brisv.A and Conficker, but also, they misspelled Conficker as ConFlicker in between attaching their malware to Symantec’s original removal tool in an attempt to build more legitimacy into the campaign.
A similar fake “Conficker Infection Alert” spam campaign redirecting to scareware took place in April, however, despite the fact that cybercriminals continue sticking to the cyclical pattern of the “Microsoft security update/patch” social engineering theme, compared to previous campaigns where the timing was perfect, in this latest one it thankfully isn’t.
The second, Outlook re-configuration campaign is serving Outlook_update.exe through several legitimate and logically compromised web sites, next to the purely malicious ones. Interestingly, the third campaign promoting the fake Outlook critical update has directly attached the executable officexp-KB910721-FullFile-ENU.exe to the email, indicating their lack of experience in such campaigns.
Credit: ZDNet.com Security Blogs
More on CyberInsecure:
Posts
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.