Malicious Microsoft Security Update spammed out before Patch Tuesday

Filed Under: Malware, Spam

Hackers are trying to infect innocent computer users with a malicious Trojan horse disguised as a Microsoft security update, in the hours before the software giant issues genuine critical patches as part of its monthly "Patch Tuesday" cycle.

The emails, which have the subject line "Security Update for OS Microsoft Windows" and claim to come from Steve Lipner at securityassurance@microsoft.com, try to fool unsuspecting computer users that the attached file is a high priority update that should be installed by users of various flavours of Microsoft Windows.

One of the malicious emails

However, running the attached file infects Windows computer users with the Mal/EncPk-CZ Trojan horse, and could give hackers control over your PC. The file attached to the file is named KBxxxxxx.exe (where 'xxxxxx' is a randomly generated number) in order to disguise itself as a knowledgebase file.

Computer users need to learn that Microsoft never sends out security updates as email attachments, and that they should always visit the genuine Microsoft website (or use automatic updating processes) to keep their systems current.

The attack appears to have been timed to coincide with Microsoft's genuine monthly patch cycle. On the second Tuesday of each month (known as "Patch Tuesday"), the firm issues security patches for its software and operating systems, and it has announced a series of updates which will be made available tomorrow.

Sophos is intercepting the malicious emails spammed out by the hackers, which read as follows:

Dear Microsoft Customer,

Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.

Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.

Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.

As your computer is set to receive notifications when new updates are available, you have received this notice.

In order to start the update, please follow the step-by-step instruction:
1. Run the file, that you have received along with this message.
2. Carefully follow all the instructions you see on the screen.

If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.

We apologize for any inconvenience this back order may be causing you.

Thank you,

Steve Lipner
Director of Security Assurance
Microsoft Corp.

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.