Yesterday afternoon our spam traps caught a piece of malware disguised as a false security alert from Microsoft:
Update for Microsoft Outlook / Outlook Express (KB910721)
Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical and provides you with the latest version of the Microsoft Outlook / Outlook Express and offers the highest levels of stability and security.
* Install Update for Microsoft Outlook / Outlook Express (KB910721). To do this, follow these steps:
1. Run attached file officexp-KB910721-FullFile-ENU.exe
2. Restart Microsoft Outlook / Outlook Express
* File Name: officexp-KB910721-FullFile-ENU.exe
* Version: 1.4
* Date Published: Wed, 17 Jun 2009 17:03:27 +0300
* Language: English
* File Size: 81 KB
* Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP; Windows Vista
* This update applies to the following product: Microsoft Outlook / Outlook Express
It does look plausible, the spelling and grammar are surprisingly correct, for malware authors, but, as ever, one should always be cautious concerning e-mail attachments. Even those that purport to come from Microsoft and especially those that contain executables.
Sophos suggests that you go to the official Microsoft website to obtain your fixes since anyone who succumbed to this scam, far from enjoying “the highest levels of stability and security“, will now be running a nasty little Trojan.
Sophos detects this threat as Troj/Spy-CU.