Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 7th, 2008

Genuine Microsoft Software Trojan Infection

A new spam attack targeting users ahead of Microsoft’s “Patch Tuesday” combines a social engineering technique with two different attack methods. The spamming operation takes advantage of the anticipation surrounding Microsoft’s release of patches. A sample email screenshot can be seen here.

The email, which claims to be sent by Microsoft itself, informs users of a zero-day vulnerability in all versions of Microsoft Outlook and Microsoft Exchange Server and asks them to download a patch to fix the bug. Installing the patch is said to prevent systems from being compromised or exploited by malicious users.

Installing this “patch” would in fact infect the system. Users could be infected in two different ways. The attachment in this email is a malicious file that Trend Micro detects as TROJ_AGENT.AZZZ, a memory-resident Trojan. The spammed email message also contains a legitimate-looking link that, once clicked, redirects users to http://www.**********.**/sldb_daten/log/new.php. This Trojan downloads another Trojan from this website. The downloaded Trojan is detected as TROJ_AGENT.AZAZ.

Users are advised to avoid trusting email messages, especially if they are unsolicited.
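
A mail-gateway heuristic for the traits described above (Microsoft in the sender name, a patch lure, an attachment and an off-site link), written as an added example that is not from the original article or from Trend Micro. The trusted-domain list, extension list, keyword pattern and the constructed sample message with placeholder domains are all assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed values for this illustration; tune for a real gateway.
TRUSTED_DOMAINS = ("microsoft.com",)
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".zip")
LURE = re.compile(r"\b(patch|update|hotfix|vulnerability|zero-day)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def _trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def score_message(raw):
    """Return the findings for one raw RFC 5322 message, in check order."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    # Display name says Microsoft but the address domain is not Microsoft's.
    name, addr = parseaddr(str(msg.get("From", "")))
    if "microsoft" in name.lower() and not _trusted(addr.rpartition("@")[2]):
        findings.append("display-name-spoof")
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    # Subject or body urges the reader to install a fix.
    if LURE.search(str(msg.get("Subject", "")) + " " + body):
        findings.append("patch-lure")
    # Any link whose host is outside the trusted domains.
    if any(not _trusted(urlparse(u).hostname) for u in URL.findall(body)):
        findings.append("untrusted-link")
    # Attachment with an executable or archive extension.
    names = [(a.get_filename() or "").lower() for a in msg.iter_attachments()]
    if any(n.endswith(RISKY_EXT) for n in names):
        findings.append("risky-attachment")
    return findings

def build_sample():
    """Constructed lure message; all addresses and hosts are placeholders."""
    m = EmailMessage()
    m["From"] = '"Microsoft Security" <alerts@example.net>'
    m["Subject"] = "Critical Outlook patch"
    m.set_content("Install the attached patch or see http://updates.example.org/new.php")
    m.add_attachment(b"MZ", maintype="application",
                     subtype="octet-stream", filename="patch.exe")
    return m.as_string()

if __name__ == "__main__":
    print(score_message(build_sample()))
```

A message that trips all four findings matches the pattern in this campaign; any single finding on its own is weak evidence and should only raise a score.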
