We are accustomed to malware authors releasing malware every time Microsoft releases security bulletins on Patch Tuesdays. True enough, TrendLabs has yet again received reports of malware taking advantage of this month’s Patch Tuesday to lure victims into downloading copies of itself.
Detected by Trend Micro as TROJ_DROPPER.DCU, this malware disguises itself as a new Microsoft security patch for Windows by using file names such as WindowsXP-KB923810-x86-ENU.exe and MSWORDRC2007Update-K79342.exe, which closely resemble the naming format of Microsoft patch files.
One interesting characteristic of this Trojan is that it may also drop a legitimate Microsoft patch for the Kodak Image Viewer Vulnerability, making it appear that the downloaded Trojan is also a legitimate file. These malicious files were reportedly hosted on certain IP blocks in a new hosting provider’s IP space, and were being employed by the notorious Russian Business Network operatives.
Users should know by now never to download these security patches from any Web site other than the Microsoft Windows Update page.
Information provided by Trend Micro Network Architect Paul Ferguson



