Bogus security bulletin plants trojan horse on user PCs

Posted by Wolfgang Gruener

Chicago (IL) – Sophos warns about a fake Microsoft security bulletin that tries to lure users into downloading a patch that really is a trojan horse.

Computer users should be careful about currently spreading emails that warn about a zero-day vulnerability in Microsoft Outlook. According to security firm Sophos, an email with the subject line "Microsoft Security Bulletin MS07-0065" claims that "more than 100,000 machines" have been exploited via the vulnerability, in order to promote medications such as Viagra and Cialis.

The email, which the company says looks like an authentic email from Microsoft, takes the user to “one of many websites” hosting the malicious code identified as Mal/Behav-112, which is a worm with backdoor functionality.

“Microsoft has been issuing security bulletins for years detailing vulnerabilities in their software so it’s of no surprise that hackers are adopting this kind of disguise in their attempt to infect Windows PCs,” said Ron O’Brien, senior security analyst at Boston-based Sophos. “The hackers are using people’s real names, the Microsoft logo, and legitimate-sounding messaging in the email so computer users need to be very cautious.”

Sophos said that the emails display a bogus Windows licence key, the user’s full name and often the organization they are associated with.