Several of our readers reported an email that led to a fake Microsoft patch being spammed on the net today. The body of the email included their full names and, in one case, the company they worked for. So far I have seen 4 different URLs. We are working on getting the systems hosting the malware cleaned or shut down. We have submitted the malware itself to most of the AV vendors, so detection should improve, but currently it is not detected.
Thanks go out to PatrickC, TroyP, NathanM, BruceD and CalebC.
You can see in the body of the email below that the spelling is bad and the license key is not in the right format for either XP or Outlook.
One of the submitters, “PatrickC”, provided the following email for a fake Microsoft patch and malware site.
“The following email I received is new to me. The URL points to hxxp://fake.microsoft.site./
You are receiving this message because you are using Genuine Microsoft Software and your e-mail address has been subscribed to the Microsoft Windows Update mailing list.
A new 0-day vulnerability has appeared in the wild and was reported for the first time Monday, June 18th. The vulnerability affects machines running MICROSOFT OUTLOOK and allows an attacker to take full control of the vulnerable computer if the exploitation process is succesfull.
Since then, more than 100,000 machines have been reported as exploited and used to promote spammy pharmacy products such as viagra and cialis.
An update has been released to fix this issue and can be downloaded from the following link :
It's urgent to download and install the update as soon as possible in order to decrease the number of succesfull attacks that occure each day. The update is only available for Genuine Versions of Microsoft Outllok.
Your Microsoft Windows Licence Information is :
REG ISTERED TO : Patrick
From Norman Sandbox:
MSOUTRC2007Update-KB863892.exe : INFECTED with W32/Malware (Signature: NO_VIRUS)
[ DetectionInfo ]
We notified one of the support teams at a hosting provider that a virus was found on one of their customers' systems.
Their auto responder responded within a minute.
Jun 26th 2007