Trojan-Downloader:W32/Agent.FDA

Nov 5, 2007 10:14 GMT  ·  By

A new spam campaign involving emails masquerading as notifications from Microsoft Windows Update is designed to serve a Trojan horse to unsuspecting users. The emails, claiming to come from the Redmond company, recommend that users download and install a "Critical Security Update". The messages carry an attachment in archived format dubbed update.zip. However, instead of a critical patch for Windows, users who download and run the contents of the attachment actually infect their machines with Trojan-Downloader:W32/Agent.FDA.

"Some malware authors are still fond of using the good old techniques to spread their wares. One of these techniques is to send e-mail messages with 'Security Updates', released by a well-known software vendor. Today we received multiple reports about a message claiming to be a 'Critical Security Update' from Microsoft. The message had a ZIP archive with a trojan downloader inside. To become infected, a user needs to extract the trojan's file and to run it," explained a representative from F-Secure.

As you can see from the image included at the bottom of this article, the message makes no effort to look legitimate. The random fragment of text is the result of a hash-buster and is designed to bypass email filters. "This fake update message does not even look legitimate, so we're not going to see a lot of real infections," the F-Secure member added.

"Dear, customer - New bug in Windows Kernel was found. It makes your computer vulnerable. We strongly recommend you to install this Critical Update (in attacment). Best Regards, Microsoft Window Update," reads the actual message, complete with spelling errors. Users should understand that Microsoft has built a comprehensive infrastructure for the delivery of updates to its products, and that the company does not push Critical Updates for its operating system via email. Such emails are only poor examples of social engineering.
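Added example (not from the article or from F-Secure): a small Python simulation of why the hash-buster fragment mentioned above defeats an exact-hash mail filter, next to a trait-based rule that still flags a message with the characteristics described here (sender posing as Windows Update, a "Critical Update" pitch, a ZIP attachment). The sample body is constructed from the quoted text; the sender, subject and attachment-name values are assumptions.

```python
import hashlib
import random
import string

# Constructed sample body, modelled on the message quoted in the article.
LURE_BODY = ("Dear, customer - New bug in Windows Kernel was found. "
             "It makes your computer vulnerable. We strongly recommend you "
             "to install this Critical Update (in attacment). "
             "Best Regards, Microsoft Window Update")


def message_hash(body: str) -> str:
    """Exact-match fingerprint of a body, as a naive hash-based filter stores it."""
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def hash_busted(body: str, seed: int) -> str:
    """Simulate the campaign's hash-buster: append a random text fragment so that
    every copy of the same lure produces a different fingerprint."""
    rng = random.Random(seed)
    filler = "".join(rng.choice(string.ascii_lowercase + " ") for _ in range(40))
    return body + "\n\n" + filler


def hash_filter_blocks(body: str, blocklist: set) -> bool:
    """True if an exact-hash blocklist would stop this body."""
    return message_hash(body) in blocklist


def lure_detector(sender: str, subject: str, body: str, attachments: list) -> bool:
    """Trait-based rule that does not depend on the exact body text:
    the From header poses as a Microsoft update service, the text pushes a
    critical update, and a ZIP archive is attached. Vendors deliver patches
    through their update infrastructure, not as mailed archives."""
    s = sender.lower()
    text = (subject + " " + body).lower()
    poses_as_vendor = "microsoft" in s and "update" in s
    pushes_update = "critical" in text and "update" in text
    has_zip = any(name.lower().endswith(".zip") for name in attachments)
    return poses_as_vendor and pushes_update and has_zip
```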

[Image: Fake Windows Update]