scoutt
10-16-2008, 08:16 AM
(October 11, 2008)
New spam messages are spreading, purporting to contain "an experimental
private version of an update for all Microsoft Windows OS users." While
there is nothing new about malware spreading in the guise of security
updates, the fact that these messages are arriving just as Microsoft is
scheduled to release its October update makes it more likely that the
attackers will have a greater level of success. The executable file
attached to the message infects users' computers with malware. The spam
offers several clues that it is not legitimate; the grammar is dodgy and
the message claims that the update addresses versions of Windows that
are no longer supported and for which patches would not therefore be
issued. Microsoft never sends security updates as email attachments.
http://www.vnunet.com/vnunet/news/2228041/malware-writers-spoof-patch
[Editor's Note (Ullrich): An interesting feature of this e-mail is the
use of a fake PGP signature. The signature block is actually just random
data, but it is supposed to provide the e-mail with more credibility.
(Skoudis): It's also interesting that the bad guys continue to have
massive grammar problems in their phishing schemes. Some of their prose
is almost comical. Perhaps someday we'll see organized cyber crime
rings employing in-house grammarians to clean up their wording before
they foist it on unsuspecting users.
(Pescatore): This is another data point why "private patches" (patches
that come from other than the software vendor) are a very bad idea.]