
Fake Windows Security Bulletin Notifications Link to Malware – Softpedia

Malware distributors continue resorting to the fake software update lure for their email spam campaigns. The latest attack poses as a notification regarding a Windows security bulletin, which links to a malicious executable.

The rogue emails impersonate Steve Lipner, Microsoft’s Director of Security Assurance, who allegedly informs the receiver about a high-priority security update for all versions of Windows. "Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 2000, Microsoft Windows Millenium [sic], Microsoft Windows XP, Microsoft Windows Vista and Microsoft Windows 7," the fake message reads.

There are some more or less subtle signs that this email is fake, depending on who is at the receiving end. For an IT professional, for example, the poor technical language or the fact that Windows Millennium has not received updates since 2006, when its product life ended, will ring alarm bells. However, the message is credible enough to trick an average user.

As expected, the email goes on to recommend that the security update be installed immediately and provides a link to download it. It even tries to explain the reason for the message reaching your inbox in the first place, by claiming that "your computer is set to receive notifications when new updates are available."

The Windows-KBxxxxx-ENU.exe executable file linked in the email is generically detected by Sophos as Mal/EncPK-LL. "The executable itself is a Delphi executable packed using a custom packer but it seems to be malformed and caused errors while executing on my test system. Additional testing would be required for a detailed analysis of the cause," Vanja Svajcer, Sophos' principal virus researcher, explains.

This spam run is a reiteration of an older one that circulated back in October 2008. Just as in this case, the 2008 campaign was timed to hit right before Microsoft released its monthly security bulletin, a day known in the industry as "Patch Tuesday."

The security updates theme is a recurring one with malware distributors. Back in June, we reported on two similar email attacks that offered a bogus Microsoft Outlook security update and a Microsoft-developed removal tool for the infamous Conficker worm. Security experts advise against following direct links to executable files sent through email.
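The warning signs described above (a sender name claiming to be Microsoft, a link that points straight at an executable, and a mention of a product that no longer receives updates) can be checked mechanically at a mail gateway. The sketch below is an added example, not code from Sophos or Softpedia; the rule names, the extension list, and the sample message with its placeholder domains are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit, unquote

EXEC_EXT = (".exe", ".scr", ".pif", ".bat", ".cmd", ".msi")  # assumed list, extend as needed
# Per the article, Windows Millennium stopped receiving updates in 2006.
EOL_PRODUCTS = ("windows millennium", "windows millenium", "windows me")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample modelled on the message described above; domains are placeholders.
SAMPLE = """\
From: "Steve Lipner, Microsoft" <updates@mail.example.net>
To: user@example.org
Subject: Security Update for OS Microsoft Windows
Content-Type: text/html; charset=utf-8

<p>The update applies to Microsoft Windows 2000, Microsoft Windows Millenium,
Microsoft Windows XP.</p>
<a href="http://downloads.example.net/Windows-KBxxxxx-ENU.exe?id=1">Install now</a>
"""

def triage(raw):
    """Return a list of (rule, detail) findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    # Rule 1: display name claims Microsoft, but the address domain is not Microsoft's.
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    if "microsoft" in name.lower() and not (
            domain == "microsoft.com" or domain.endswith(".microsoft.com")):
        findings.append(("display-name-mismatch", domain))
    body = "".join(p.get_content() for p in msg.walk()
                   if p.get_content_maintype() == "text")
    # Rule 2: link whose path (query string ignored) ends in an executable extension.
    for url in URL_RE.findall(body):
        if unquote(urlsplit(url).path).lower().endswith(EXEC_EXT):
            findings.append(("direct-executable-link", url))
    # Rule 3: an "update" offered for a product that is past end of life.
    lowered = body.lower()
    for product in EOL_PRODUCTS:
        if product in lowered:
            findings.append(("end-of-life-product", product))
            break
    return findings

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE):
        print(f"{rule}: {detail}")
```

Parsing the URL before testing the extension matters here: the sample link carries a query string, so a naive check of the last characters of the URL would miss it.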
