Along with the vulnerabilities posed by the flaws for which Microsoft released patches on Tuesday, users of the software giant's products have a new obstacle to grapple with: a fake notification mailing that looks remarkably legitimate.
Attackers are apparently taking advantage of Microsoft's Patch Tuesday to send legitimate-looking mailings to Microsoft customers that include a Trojan virus called Trojan.Backdoor.Haxdoor that could allow attackers to execute files and steal information from compromised computers. The fake mailing includes a legitimate-looking PGP signature, as well as purporting to come from a real Microsoft employee.
Christopher Budd, a security program manager in the Microsoft Security Response Center, explained in a security posting: "The e-mail comes with an attached executable, which it claims is the latest security update, and encourages the recipient to run the attached executable so they can be safe. While malicious e-mail [messages] posing as Microsoft security notifications with attached malware aren't new...this particular one is a bit different in that it claims to be signed by our own Steve Lipner and has what appears to be a PGP signature block attached to it."
Budd warned: "While those are clever attempts to increase the credibility of the mail, I can tell you categorically that this is not a legitimate e-mail: it is a piece of malicious spam and the attachment is malware. Specifically, it contains Backdoor:Win32/Haxdoor."
Dancho Danchev at ZDNet Asia's sister site ZDNet.com's Zero Day considered whether the timing of this malware campaign will boost its success rate. "Compared to the recent targeted malware attack against US schools, and the massive fake CNN news items campaign taking advantage of client-side vulnerabilities, this one is definitely going to have a lower success rate--no matter the timing," Danchev wrote.
Microsoft's October 2008 security bulletin included four critical bulletins concerning Windows, Internet Explorer, Microsoft Host Integration Server and Microsoft Excel.
This article was first published as a blog on CNET News.com.
Play video
There are currently no comments for this post.