For Genuine Windows

Jun 27, 2007 11:10 GMT

Along with hardcore pornography and promises of images of the latest pop idols barely clothed, Microsoft Security Bulletins are next in line as the preferred lures in Windows attacks. This is because it all comes down to trust: security updates released by Microsoft carry sufficient legitimacy to dispel any concerns on the part of unsuspecting victims. Security company Sophos has just warned of a fake Microsoft Security Bulletin that is being aggressively spammed and is designed to infect Windows computers with the Mal/Behav-112 Trojan horse.

"The campaign is attempting to appear as a notification for a new "0-day vulnerability" for Microsoft Outlook, but in reality its purpose is to install a Windows-based Trojan. The greeting is personalized (Dear: ), mentions you are subscribed to the "Microsoft Windows Update mailing list", and asks you to download the patch from: http://windowsupdate.microsoft.com/ outlook/update-0-day/download.aspx?id=63852?," revealed a member of the SophosLabs.

Sophos revealed that the spam is targeted, and as such contains the identification data of the recipient. The message tells recipients of a fresh zero-day vulnerability in Microsoft Outlook, allegedly labeled with a Critical severity rating because it allows for remote code execution. The email also claims that in excess of 10,000 machines have been compromised and urges users to deploy the fake security update.

"Once the link is clicked, a request is not made to "microsoft.com" but instead to one of many compromised sites hosting a Trojan, proactively detected by Sophos as Mal/Behav-112. An interesting feature of this campaign is that the target's full name, and in most cases the organization they are associated with, is mentioned within the message. The samples we have received also list a bogus Microsoft Windows Licence key, all in an attempt to make the message look legitimate to the recipient," Sophos added.
