Sophos has issued a warning of a widespread attempt to infect computers by emailing users about a bogus Microsoft security patch. If you’re unfortunate enough to install it, your computer will become infected with some serious malware.
The email, purporting to be from Microsoft, has “Microsoft Security Bulletin MS07-0065” in the subject line and claims that a zero-day vulnerability has been discovered in the Microsoft Outlook email program. It goes on to warn the recipient that “more than 100,000 machines” have been exploited by the vulnerability in attempts to sell Viagra and Cialis.
The bogus email encourages users to download a patch from http:// windowsupdate. microsoft.com/ outlook/ update-0-day / download.aspx?id=63852 (without the spaces), which it claims will fix the problem and prevent them from being attacked by hackers. Clicking the link in the email does not take you to the Microsoft update site. Instead, it takes you to one of many compromised websites that hosts a trojan horse identified by Sophos as Mal/Behav-112.
Examples of the fraudulent emails seen by Sophos have contained the recipient’s full name and the name of the company they work for.
“Security bulletins from Microsoft describing vulnerabilities in their software are a common occurrence, and so it’s not a surprise to see hackers adopting this kind of disguise in their attempt to infect Windows PCs,” said Graham Cluley, senior technology consultant for Sophos. “The irony is that as awareness of computer security issues has risen, and the need for patching against vulnerabilities, so social engineering tricks which pose as critical software fixes are likely to succeed in conning the public.”
“By using people’s real names, the Microsoft logo, and legitimate-sounding wording, the hackers are attempting to fool more people into stepping blindly into their bear-trap,” continued Cluley. “Users need to be on their guard against this kind of confidence trick or they risk handing over control of their PC to hackers with criminal intentions. They should also ensure that they are downloading Microsoft security updates from Microsoft itself, not from any other website.”
For more information, visit the SophosLabs blog.
Microsoft publishes information for consumers about how to recognize and avoid fraudulent emails to Microsoft customers and information regarding valid Microsoft security updates. Remember too that Microsoft never emails updates as attachments either.