Before Patch Tuesday, There Was Malware

April 7, 2008 – 5:26 AM

Recycling an old social engineering technique and using two different attack methods, a new spam run emerges as a threat to Web users before Microsoft’s Patch Tuesday. And not because it exploits soon-to-be-named vulnerabilities.

What this spamming operation takes advantage of is the anticipation of Microsoft’s patch release itself. A sample email message looks like this:

[Image: Microsoft SPAM]

The email, which first of all claims to be sent by Microsoft itself, informs users of a zero-day vulnerability in all versions of Microsoft Outlook and Microsoft Exchange Servers and asks users to download a patch to fix the bug. Installation of the patch is said to prevent systems from being compromised or exploited by malicious users.

Installing the said “patch” would, of course, mean system infection.

What’s interesting is that users could be infected in two different ways. There’s the attachment in the email, a malicious file that Trend Micro detects as TROJ_AGENT.AZZZ, a memory-resident Trojan.

Besides the malicious attachment, the spammed email message also contains a legitimate-looking link that, once clicked, redirects users to http://www.{BLOCKED}ook.de/sldb_daten/log/new.php. This Trojan downloads another Trojan from this Web site; the downloaded Trojan is detected as TROJ_AGENT.AZAZ.
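A mail-filter check for the pattern described above, patch wording delivered with an attachment or a link to a non-vendor host, written as an added example that is not from Trend Micro or the original post. The extension list, lure keywords, reason labels and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed policy values (not from the article): tune for your environment.
VENDOR_DOMAINS = ("microsoft.com",)
RISKY_EXT = (".exe", ".scr", ".pif", ".bat", ".cmd", ".zip")
LURE = re.compile(r"\b(patch|hotfix|zero-day|security update)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_vendor_host(host):
    host = (host or "").lower().rstrip(".")  # exact domain or true subdomain only
    return any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS)

def link_host(url):
    try:
        return urlparse(url).hostname  # ignores userinfo such as vendor.com@host
    except ValueError:                 # malformed netloc counts as off-vendor
        return None

def check_message(raw):
    """Return sorted reasons a raw RFC 5322 message looks like a fake-patch lure."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    reasons, text = set(), msg.get("Subject", "")
    # From is forgeable, so a vendor name on a non-vendor address is only a hint.
    if "microsoft" in display.lower() and not is_vendor_host(addr.rpartition("@")[2]):
        reasons.add("vendor-name-mismatch")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            reasons.add("risky-attachment")   # delivery method 1: the attachment
        elif part.get_content_maintype() == "text":
            text += "\n" + (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
    if LURE.search(text):
        reasons.add("patch-lure")
        if any(not is_vendor_host(link_host(u)) for u in URL.findall(text)):
            reasons.add("off-vendor-link")    # delivery method 2: the link
    return sorted(reasons)

# Constructed sample, not the real message from this spam run.
SAMPLE = (
    'From: "Microsoft Security" <update@mail.example>\nSubject: Critical Outlook patch\n'
    'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
    '--b1\nContent-Type: text/plain; charset="utf-8"\n\n'
    'A zero-day vulnerability affects Outlook. Get the fix: http://dl.example.net/new.php\n'
    '--b1\nContent-Type: application/octet-stream\n'
    'Content-Disposition: attachment; filename="patch.exe"\n\nAAAA\n--b1--\n')
```

A message that returns `patch-lure` together with `risky-attachment` or `off-vendor-link` is a candidate for quarantine; `patch-lure` alone also matches genuine security bulletins.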

Trend Micro users are already protected from these two Trojans. Still, everyone is advised to avoid trusting email messages, especially if they are unsolicited.

Source: Trend Micro
