Comtech3’s Weblog

Fake Microsoft e-mail contains Trojan virus

Posted by comtech3 on October 15, 2008

October 14, 2008 8:10 PM PDT

Posted by Steven Musil

Along with the vulnerabilities posed by the flaws for which Microsoft released patches on Tuesday, users of the software giant’s products have a new obstacle to grapple with: a fake notification mailing that looks remarkably legitimate.

Attackers are apparently taking advantage of Microsoft’s Patch Tuesday to send legitimate-looking mailings to Microsoft customers. The mailings include a Trojan virus called Trojan.Backdoor.Haxdoor that could allow attackers to execute files and steal information from compromised computers. The fake mailing includes a legitimate-looking PGP signature and purports to come from a real Microsoft employee.

Christopher Budd, a security program manager in the Microsoft Security Response Center, offers this perspective on the mailings in a security posting:

“We received some questions from customers about an e-mail that’s circulating that claims to be a security e-mail from Microsoft. The e-mail comes with an attached executable, which it claims is the latest security update, and encourages the recipient to run the attached executable so they can be safe. While malicious e-mails posing as Microsoft security notifications with attached malware aren’t new (we’ve seen this problem for several years) this particular one is a bit different in that it claims to be signed by our own Steve Lipner and has what appears to be a PGP signature block attached to it. While those are clever attempts to increase the credibility of the mail, I can tell you categorically that this is not a legitimate e-mail: it is a piece of malicious spam and the attachment is malware. Specifically, it contains Backdoor:Win32/Haxdoor.”

Dancho Danchev at ZDNet’s Zero Day ponders whether the timing of this malware campaign will beef up its success rate.

“Compared to the recent targeted malware attack against U.S. schools, and the massive fake CNN news items campaign taking advantage of client-side vulnerabilities, this one is definitely going to have a lower success rate – no matter the timing,” Danchev writes.

Microsoft’s October 2008 security bulletin included four critical bulletins concerning Windows, Internet Explorer, Microsoft Host Integration Server, and Microsoft Excel.

