Before Patch Tuesday, There Were Malware

April 6th, 2008 by Jake Soriano (Technical Communications)

Recycling an old social engineering technique and using two different attack methods, a new spam run emerges as a threat to Web users before Microsoft’s Patch Tuesday. And not because it exploits soon-to-be named vulnerabilities.

What this spamming operation takes advantage of is the anticipation itself for the release of patches by Microsoft. A sample email message looks like this:

Spammed Message

The email, which first of all claims to be sent by Microsoft itself, informs users of a zero-day vulnerability in all versions of Microsoft Outlook and Microsoft Exchange Servers and asks users to download a patch to fix the bug. Installation of the patch is said to prevent systems from being compromised or exploited by malicious users.

To install the said “patch” would mean system infection, of course.

What’s interesting is that users could be infected in two different ways. There’s the attachment in the email, a malicious file that Trend Micro detects as TROJ_AGENT.AZZZ, a memory-resident Trojan.

Besides the malicious attachment, the spammed email message also contains a legitimate-looking link that, once clicked, redirects users to http://www.{BLOCKED}ook.de/sldb_daten/log/new.php. This Trojan downloads another Trojan from this Web site; the downloaded Trojan is detected as TROJ_AGENT.AZAZ.

Trend Micro users are already protected from these two Trojans. Still, everyone is advised to avoid trusting email messages, especially if they are unsolicited.

Print Posts
1 Star2 Stars3 Stars4 Stars5 Stars (4 votes, average: 3.25 out of 5)
Loading ... Loading ...

Subscribe in a reader

Most Recent Posts

Most Popular Posts

Links

Blogroll


Scan for free!