Yet another bogus Microsoft Security Bulletin

The spammers “attempt to” strike yet again!

This time the claim is “a new 0-day vulnerability which affects machines running MICROSOFT WORD and allows an attacker to take full control of the vulnerable computer if the exploitation process is successful”.

The truth being told, if you downloaded and ran Troj/Kango-D you were guaranteed to allow an attacker into your computer. The spammers have used the same template as the one described in the SophosLabs blog entry Bogus Microsoft Security Bulletin to spread their message to potential victims. This is not a new social engineering trick; we have seen instances of this as early back as 2005.