14 DAY TRIAL // A wave of fake emails distributing a variant of the notorious ZeuS banking trojan and posing as Windows security update notifications has been in circulation for almost a week.
According to security researchers from email and web security vendor AppRiver, the spam campaign began last Friday in advance of Microsoft's Patch Tuesday and is still running.
The fake emails purport to come from Microsoft Canada and bear a subject of "URGENT: Critical Security Update."
Recipients are advised to download and install an important patch released by Microsoft for all versions of Windows, which is actually a trojan. The email's body reads:
"The Security Update is to prevent malicious users from getting access to your computer files. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft XP, Microsoft Windows 7.
"Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update."
The scam is not very well constructed. The text is poorly spelled and a native English speaking would immediately realize that this is clearly not the work of a company like Microsoft.
In addition, the update claims to also apply to Windows 98 and 2000, versions of Windows which are no longer supported by Microsoft. Meanwhile, Windows Vista is missing from the list.
There's a strong possibility that whoever is behind this campaign copied an old spam template and made small changes to it, like adding Windows 7 to the enumeration.
No efforts have been made to obfuscate or hide the true destination of the download link, which points to a location under the twotowers.ca domain name.
Despite the poor quality of the spam, some users might be fouled since Microsoft did indeed release some scheduled updates during this period. Of course, Microsoft has never and will never disseminate updates via email.