Bogus Microsoft Security Bulletin


A highly targeted fake Microsoft Security Bulletin is being spammed out today. The campaign is attempting to appear as a notification for a new "0-day vulnerability" for Microsoft Outlook, but in reality its purpose is to install a Windows-based Trojan.

The greeting is personalized (Dear: <firstname> <lastname>), mentions you are subscribed to the "Microsoft Windows Update mailing list", and asks you to download the patch from:

"http://windowsupdate.microsoft.com/outlook/update-0-day/download.aspx?id=63852"

When the link is clicked, however, the request does not go to "microsoft.com" but to one of many compromised sites hosting a Trojan, which Sophos proactively detects as Mal/Behav-112.

An interesting feature of this campaign is that the target's full name, and in most cases the organization they are associated with, is mentioned within the message. The samples we have received also list a bogus Microsoft Windows Licence key, all in an attempt to make the message look legitimate to the recipient.

REGISTERED TO : <Firstname> <Lastname> , - <Organization>
Licence KEY : <key>

Sample Screenshot:

Microsoft Security Bulletin MS07-0065 - Critical Update

About the author

Brett is a Technical Lead in the AntiSpam Operations team within SophosLabs. He has been working for Sophos since their acquisition of ActiveState in 2003.