Fake Microsoft security e-mail spreads malicious code

Spammers are cashing in on a recent stir over allegedly problematic Windows security patches

It didn't take long for the bad guys to cash in on the confusion surrounding so-called faulty Windows patches. Cisco Security Intelligence Operations is reporting significant activity of spam e-mail messages that claim to offer a fix for security flaws in various Microsoft products.

This spam comes in a week in which flaws in security updates affecting Windows were reported by security company Prevx, then denied by Microsoft and finally retracted by Prevx, leading to the security company issuing a public apology. Users, however, remain unconvinced that the November Patch Tuesday security patches were not to blame for an increase in occurrences of the black screen of death. Many readers have posted personal accounts of their own black screens of death which they attribute to the patches.

The situation is ripe for the plucking by spammers using that fear to tempt users into downloading malicious software. Cisco reports that text in the e-mail message instructs the recipient to click on a link to download updates that will fix security issues in Microsoft Internet Explorer, Windows XP, Windows Vista, or Windows 7. However, the link downloads an .exe file that attempts to install malicious software on the user's system.

Cisco reports that the following text is a sample of the e-mail message that is associated with this threat outbreak:

Subject: URGENT!!Microsoft Updates!

Message Body:

MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: supportmicrosoft.com
Message-Id: <20091203080449.1 995838E2920teks aid.joinvps.c om
Date: Thu, 3 Dec 2009 08:04:49 +0000 (UTC)

Hello, A few microsoft products have been found to have some holes in them allowing hackers to take over and control users PC. If you are running: Microsoft Internet Explorer, Windows XP, Windows Vista, or Windows 7 then you are at risk of losing your computer and all of your data.
If you have not already got the update goto this link: httplfmssupport.sytes.et/lipdater.exe or this link: http :/ftinyur1.com/microsof-up dater and get the Updater to fix the holes to protect yourself team. Thanks, Microsoft Support Team.

Cisco is reporting the outbreak because it owns the IronPort spam and anti-malware product. IronPort's security operations center analysts examine real-world e-mail traffic from over 100,000 contributing organizations worldwide. Cisco says the spam attack is a "hot" one in the wild and that potential damage from it is moderate. The attack is being kept in check because the spam should be fairly easy to spot with enterprise-class malware detection products like IronPort.
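As an added example, not code from the article or from Cisco/IronPort, the following Python scorer applies the indicators that the sample above makes visible to a raw message: a sender that claims to be Microsoft but does not send from a Microsoft domain, an urgency cue in the subject, a direct link to an .exe, a URL shortener hiding the destination, and Microsoft-themed mail linking to off-brand hosts. The two sample messages, the placeholder domains and the shortener list are constructed for the example; the campaign's real URLs are deliberately not reproduced, and the brand-domain and shortener lists would come from gateway policy rather than constants.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the spam quoted in the article. The sender
# address, domains and URLs are placeholders, not the campaign's indicators.
SAMPLE_EMAIL = """\
MIME-Version: 1.0
Content-Type: text/html; charset=iso-8859-1
From: Microsoft Support <support@mssupport.example>
Subject: URGENT!!Microsoft Updates!
Date: Thu, 3 Dec 2009 08:04:49 +0000 (UTC)

Hello, A few microsoft products have been found to have some holes in them
allowing hackers to take over and control users PC. If you have not already
got the update goto this link: http://mssupport.example/updater.exe or this
link: http://short.example/microsoft-updater and get the Updater to fix the
holes. Thanks, Microsoft Support Team.
"""

# Constructed benign counterpart: a brand-named sender on the brand's own
# domain that links only to the vendor's site.
BENIGN_EMAIL = """\
From: Microsoft <noreply@microsoft.com>
Subject: Security bulletin summary for this month
Content-Type: text/plain

Details of this month's updates are published at
https://www.microsoft.com/security and delivered through Windows Update.
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
BRAND = "microsoft"
# Domains a message claiming to be from the brand may send from or link to.
BRAND_DOMAINS = {"microsoft.com"}
# Public shorteners hide the real destination; this list is illustrative.
SHORTENERS = {"short.example", "tinyurl.com", "bit.ly"}
# A direct link to an executable is the core indicator in the article's sample.
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif", ".bat")


def hostname(url):
    """Return the lowercased host part of a URL ('' if it cannot be parsed)."""
    m = re.match(r"https?://([^/:?#]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def in_domain(host, domains):
    """True if host equals one of domains or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def body_text(msg):
    """Collect the text parts of a parsed message (single or multipart)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        chunks.append(payload.decode(part.get_content_charset() or "latin-1", "replace"))
    return "\n".join(chunks)


def score_message(raw):
    """Score a raw RFC 822 message; returns (score, reasons).

    Each heuristic adds points; the mail gateway chooses the quarantine threshold.
    """
    msg = message_from_string(raw)
    score, reasons = 0, []

    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    subject = msg.get("Subject", "")
    claims_brand = BRAND in display.lower() or BRAND in subject.lower()
    if claims_brand and not in_domain(from_domain, BRAND_DOMAINS):
        score += 3
        reasons.append(f"claims to be {BRAND} but sent from {from_domain or 'unknown'}")

    if "urgent" in subject.lower() or "!!" in subject:
        score += 1
        reasons.append("urgency cue in subject")

    for url in URL_RE.findall(body_text(msg)):
        host = hostname(url)
        path = url.split("?", 1)[0].lower()
        if path.endswith(EXECUTABLE_EXT):
            score += 3
            reasons.append(f"link to executable: {url}")
        if in_domain(host, SHORTENERS):
            score += 2
            reasons.append(f"shortened link hides destination: {url}")
        if claims_brand and not in_domain(host, BRAND_DOMAINS):
            score += 1
            reasons.append(f"{BRAND}-themed mail links to off-brand host {host}")
    return score, reasons


def is_suspicious(raw, threshold=5):
    """True when the message's score meets the gateway threshold."""
    return score_message(raw)[0] >= threshold


if __name__ == "__main__":
    for name, mail in (("sample", SAMPLE_EMAIL), ("benign", BENIGN_EMAIL)):
        total, why = score_message(mail)
        print(f"{name}: score={total}")
        for reason in why:
            print("  -", reason)
```

The constructed sample scores 11 (sender mismatch 3, urgency 1, .exe link 3, shortener 2, and 1 per off-brand link) while the benign message scores 0, which is the gap an enterprise gateway relies on to quarantine mail like this without touching legitimate vendor notices. The executable-link and sender-mismatch checks carry the most weight because they do not depend on the spammer's spelling.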

On the other hand, attacks against Windows are so popular because many of the naive masses have made Windows their operating system of choice. (Per comment below: By the term "naive masses" I mean that those who are least computer literate are most likely to use Windows and it would only be someone naive that would fall for such a scam as this one.) Even with such a poorly crafted e-mail attack as the one above, how many moms, pops and grandparents could fall prey?


Copyright © 2009 IDG Communications, Inc.
