The SANS Internet Storm Center (ISC) warns on its Web site that a fake Microsoft patch bulletin is circulating.
According to ISC handler Donald Smith, several people reported receiving an email directing them to a fake Microsoft patch.
“The email had their full names and in one case the company they worked for included in the body of the email,” Smith wrote. “So far I have seen four different URLs. We are working on getting the systems hosting the malware cleaned or shut down. We have submitted the malware itself to most of the antivirus vendors so detection should improve. But currently, it is not detected.”
Here’s an example of the text in these emails, typos included:
“You are receiving this message because you are using Genuine Microsoft Software and your e-mail address has been subscribed to the Microsoft Windows Update mailing list. A new 0-day vulnerability has appeared in the wild and was reported for the first time Monday, June 18th. The vulnerability affects machines running MICROSOFT OUTLOOK and allows an attacker to take full control of the vulnerable computer if the exploitation process is successful. Since then, more than 100,000 machines have been reported as exploited and used to promote spammy pharmacy products such as viagra and cialis. An update has been released to fix this issue and can be downloaded from the following link : http://windowsupdate.microsoft.com/outlook/upd ate-0-day/download.aspx?id=63852.
“It’s urgent to download and install the update as soon as possible in order to decrease the number of succesfull attacks that occure each day. The update is only available for Genuine Versions of Microsoft Outllok.”
Since Microsoft doesn’t send out random patches by email like this, users should treat any email billed as a Microsoft update with skepticism.