SDBot

Jul 1, 2005 11:28 GMT  ·  By

This year, the heat wave is accompanied by a spam wave. Security experts warn users of a new type of spam that camouflages in a Microsoft security bulletin which contains a link to malicious software application. By accessing this link, one opens the security door to an attacker who is able to take control of the system.

The e-mail message claims to be the MS05-039 security bulletin and includes a link to a patch that allegedly protects the system from Sober, Zafi and Mytob.

Mikko Hypp, director of anti-virus reasearch at F-Secure, says that such a security bulletin doesn't exist and that Microsoft includes in its mails a link to the download site not directly to the patch.

According to WebSense, this so-called patch is actually a version of the SDBot Trojan horse software which is not detected by any antivirus solution.

However, the infection risk is low, because it appears that the server which hosts the malicious software is currently inactive.

"I think this particular case is not going to be a problem anymore, but nevertheless I think it was a fairly interesting case," Hypp says. "I wouldn't be surprised to see more of this happening."