Genuine Microsoft Software Trojan Infection
A new spam attack threatening users before Microsoft’s “Patch Tuesday” combines a social engineering technique with two different attack methods. The spamming operation takes advantage of the anticipation surrounding Microsoft’s release of patches. A sample email screenshot can be seen here.
The email, which claims to be sent by Microsoft itself, informs users of a zero-day vulnerability in all versions of Microsoft Outlook and Microsoft Exchange Servers and asks users to download a patch to fix the bug. Installation of the patch is said to prevent systems from being compromised or exploited by malicious users.
Installation of this “patch” would mean system infection. Users could be infected in two different ways. The attachment in this email is a malicious file that Trend Micro detects as TROJ_AGENT.AZZZ, a memory-resident Trojan. The spammed email message also contains a legitimate-looking link that, once clicked, redirects users to http://www.**********.**/sldb_daten/log/new.php. This Trojan downloads another Trojan from this website. The downloaded Trojan is detected as TROJ_AGENT.AZAZ.
Users are advised to avoid trusting email messages, especially if they are unsolicited.
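The traits of this lure described above (a sender claiming to be Microsoft, a "patch" delivered as an attachment, and a link that leads away from Microsoft's own domains) can be checked mechanically at a mail gateway. The following Python is an added example, not part of the original article; the sample message, the `.example` domains, the extension list and the indicator names are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")  # assumed list
VENDOR_DOMAINS = ("microsoft.com",)  # assumption: domains treated as genuine

def _in_vendor_domain(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS)

def lure_indicators(raw):
    """Return the set of lure indicators a raw RFC 5322 message matches."""
    msg = message_from_string(raw, policy=policy.default)
    hits = set()
    # 1. Display name invokes the vendor, but the address domain is not the vendor's.
    name, addr = parseaddr(str(msg.get("From", "")))
    if "microsoft" in name.lower() and not _in_vendor_domain(addr.rpartition("@")[2]):
        hits.add("sender-claims-vendor")
    for part in msg.walk():
        if part.is_multipart():
            continue
        fname = (part.get_filename() or "").lower()
        if fname.endswith(EXEC_EXT):
            # 2. The "patch" arrives as an executable attachment.
            hits.add("executable-attachment")
        elif part.get_content_type() == "text/plain":
            # 3. A link in the body resolves to a host outside the vendor's domains.
            for url in re.findall(r'https?://[^\s<>"]+', part.get_content()):
                if not _in_vendor_domain(urlparse(url).hostname):
                    hits.add("off-domain-link")
    return hits

# Constructed sample message (not taken from the campaign).
SAMPLE = (
    'From: "Microsoft Security" <updates@mail.example>\n'
    'Subject: Critical update for Outlook\n'
    'MIME-Version: 1.0\n'
    'Content-Type: multipart/mixed; boundary="b1"\n\n'
    '--b1\nContent-Type: text/plain; charset="us-ascii"\n\n'
    'Install the attached patch or get it at http://updates.example/new.php\n\n'
    '--b1\nContent-Type: application/octet-stream\n'
    'Content-Disposition: attachment; filename="patch.exe"\n'
    'Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n'
)

if __name__ == "__main__":
    print(sorted(lure_indicators(SAMPLE)))
```

Any one indicator alone is weak evidence; a message matching all three fits the pattern this campaign used and is a reasonable candidate for quarantine.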