Fake Microsoft patch spam makes rounds

Share this article:
A new spam attack falsely alerts users to download a Microsoft patch, but when responded to, the user is directed to a page that installs malware on the user's computer.

According to a report from security provider Websense, the message tells users that their Windows version is vulnerable to a critical security issue and directs them to a download page. The link actually uses an open redirect to a legitimate shopping site. From there, the redirect forwards users to a URL with a pop-up box, instructing the user to click “yes” to start the download, Dan Hubbard, chief technology officer at Websense, told SCMagazineUS.com on Wednesday.

“It's a deception attack, where it is made to look like a Microsoft update and the user has to take action, rather than an exploit where the user gets infected without saying yes to the download,” Hubbard said.

The downloaded malware infects the computer with a backdoor that can be exploited by hackers Hubbard said. However, the spam is easy to spot because Microsoft does not send email notifications about patch updates.

One of the more interesting aspects to this spam, Hubbard said, is the actual root of the domain name used – it will take the user to the U.S. Secret Service website.

“We believe they are doing that because some security products only look at the top-level domain name, rather than look at the whole name,” Hubbard explained. “In this case, the security product would see it was going to the Secret Service and let it go.”

Avivah Litan, Gartner vice president and distinguished analyst, said this is just more proof that cybercriminals are getting smarter.

“The people sending out the spam are figuring out how to avoid the filters or reputation systems,” she said.  

It is just one more instance that shows the need for stronger authorization on the Internet, she said.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.