Softpedia
 


January 4th, 2011, 16:57 GMT · By

Fake Windows Security Update Emails Spread Worm



Worm distributed via email as fake Windows update
Security researchers from Sophos warn of a new malware distribution campaign that tries to pass off an AutoRun worm as a critical Windows security update.

The spam emails bear a subject of "Update your Windows" and their header is forged to appear as if they originate from a no-reply@microsft.com [intentional domain typo] address.

The rather lengthy message contained within claims that a security update was recently released for all Windows versions, including Windows 2000 which is no longer supported.

Furthermore, the cybercriminals claim the user's computer is set to receive email notifications and encourage the recipient to install the alleged update in the KB453396-ENU.zip attachment.

The executable inside the ZIP archive is not an update, but the installer for a computer worm that spreads via USB sticks and is detected by Sophos as W32/Autorun-BMF.

To avoid attracting suspicion because nothing is displayed when the executable is opened, the malware distributors claim in the email that this is the result of OS preferences to run updates in the background.

They even go as far as to impersonate a well-known Microsoft representative by signing the email message as Steve Lipner, Director of Security Assurance, Microsoft Corporation.

It seems that for this attack they modified the template used in a similar spam campaign that ran back in 2008. That explains the outdated title given for Mr. Lipner, who is now Microsoft's senior director of Security Engineering Strategy.

"Of course, Mr Lipner has nothing to do with the emails and Microsoft never distributes security updates via email attachments. Nevertheless, there have been a series of attacks that have abused his name in the past," notes Graham Cluley, senior technology consultant at antivirus vendor Sophos.

There are several elements that give this spam away, the most obvious of which is the rather poor spelling of the message. Nevertheless, users should be extra cautious when dealing with email attachments, even if they appear to originate from trusted sources. Online services like VirusTotal can be used to scan them.
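
The indicators described in this article (a sender domain one typo away from microsoft.com and a ZIP attachment carrying an executable) can be checked automatically at a mail gateway. The following Python example is added here and does not come from Sophos or Softpedia; the trusted-domain list, the extension list, the edit-distance threshold and the inner file name `sample-update.exe` are assumptions, and the sample message is constructed with a harmless text payload.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

TRUSTED_DOMAINS = {"microsoft.com"}  # assumption: brands this filter protects
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")  # assumption

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def inspect_message(raw):
    """Return the reasons a raw message resembles the fake-update spam."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    for trusted in TRUSTED_DOMAINS:
        # Distance 1-2 from a trusted domain means a lookalike, not the real one.
        if 0 < edit_distance(domain, trusted) <= 2:
            findings.append(f"lookalike sender domain: {domain} (resembles {trusted})")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        try:
            members = zipfile.ZipFile(io.BytesIO(part.get_content())).namelist()
        except zipfile.BadZipFile:
            members = []
            findings.append(f"unreadable archive: {name}")
        findings += [f"executable in archive: {name} -> {m}"
                     for m in members if m.lower().endswith(EXECUTABLE_EXTS)]
    return findings

def build_sample(sender="no-reply@microsft.com", with_zip=True):
    """Constructed test message modelled on the article; payload is plain text."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = sender, "Update your Windows"
    msg.set_content("Constructed sample body.")
    if with_zip:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("sample-update.exe", b"placeholder text, not a program")
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="zip", filename="KB453396-ENU.zip")
    return msg.as_bytes()
```

Calling `inspect_message(build_sample())` reports both the lookalike domain and the executable inside the archive, while a message from the genuine domain with no attachment returns an empty list.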

Copyright © 2001-2012 Softpedia.