A highly targeted fake Microsoft Security Bulletin is being spammed out today. The campaign poses as a notification of a new “0-day vulnerability” in Microsoft Outlook, but its real purpose is to install a Windows-based Trojan.
The greeting is personalized (Dear: <firstname> <lastname>), mentions you are subscribed to the “Microsoft Windows Update mailing list”, and asks you to download the patch from:
Once the above link is clicked, a request is not made to “microsoft.com” but instead to one of many compromised sites hosting a Trojan, proactively detected by Sophos as Mal/Behav-112.
An interesting feature of this campaign is that the target’s full name, and in most cases the organization they are associated with, are mentioned within the message. The samples we have received also list a bogus Microsoft Windows Licence key, all in an attempt to make the message look legitimate to the recipient.
REGISTERED TO : <Firstname> <Lastname> , – <Organization>
Licence KEY : <key>