Malicious spam posing as fake vulnerability patch leads to Trojan horse infection
Experts at Sophos, a world leader in IT security and control, have
warned of a widespread attempt to infect email users by sending them a
warning about a bogus Microsoft security patch.
The emails, which have the subject line “Microsoft Security Bulletin
MS07-0065” pretend to come from Microsoft, and claim that a zero-day
vulnerability has been discovered in the Microsoft Outlook email
program. They go on to warn recipients that “more than 100,000
machines” have been exploited via the vulnerability in order to promote
medications such as Viagra and Cialis.
Users are encouraged by the email to download a patch which, it is
claimed, will fix the problem and prevent them from becoming attacked
However, clicking on the link contained inside the email does not
take computer users to Microsoft’s website but one of many compromised
websites hosting a Trojan horse. Sophos proactively detects the Trojan,
without requiring an update, using Behavioral Genotype® Protection as Mal/Behav-112.