Fake Microsoft flaw notification trojan in the wild

Think you're lucky enough to have been notified of a new Microsoft Windows flaw seemingly before anyone else? Think again.

Researchers are warning PC users not to fall for an email scheme that pretends to be a warning and patch for a newly discovered flaw in Microsoft WinLogon Service.

The email tells users the flaw can allow malicious users to access a PC, then redirects them to a malicious link that downloads a trojan.

The scam should be familiar to computer security researchers, said researcher Bojan Zdrnja of the SANS Internet Storm Center.

"Does all this sound familiar? Sure, it’s (almost) the same story that the Swen worm (or Gibe.F) tried to ‘sell’ to the users. Hopefully this one will not come close to doing what Swen did," he said.

Microsoft releases vulnerability patches on its regular Patch Tuesday schedule, the second Tuesday of every month. On the Thursday before that date, it releases preview information about the fixes.

Microsoft released three patches this month, two for Windows and one for Microsoft Exchange. The next Patch Tuesday is scheduled for June 13.

Sophos named the malware Troj/BeastPWS-C, and said it is capable of spying on users and stealing passwords if downloaded.

Graham Cluley, senior technology consultant at Sophos, said users should be careful with emails.

"People are slowly learning that Microsoft does not email out security fixes as attachments, but they also need to learn to be careful of blindly clicking on links to download fixes too without checking that the email is legitimate," he said. "In this case, the hackers made a mistake by referring to ‘Microsoft Coorp’ rather than ‘Microsoft Corp,’ but it’s possible that users would miss that typo in their rush to protect themselves."
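A defender-side illustration of the checks Cluley describes, added here as example code that is not from the article, Sophos or SANS: it flags a constructed message shaped like the WinLogon lure (a fake fix notification whose download link is off-brand, plus the 'Microsoft Coorp' typo). The keyword list, the typo pattern and the `microsoft.com` allow-list are assumptions to adapt for your own mail filtering.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample resembling the lure the article describes (not a real capture).
SAMPLE_EMAIL = """From: Microsoft Coorp Security <security@example.invalid>
Subject: Critical flaw in Microsoft WinLogon Service - patch now

A newly discovered vulnerability in the Microsoft WinLogon Service allows
malicious users to access your PC. Download the fix immediately:
http://patch-download.example.invalid/winlogon-fix.exe
"""

# Constructed benign sample: a bulletin pointing at the vendor's own site.
LEGIT_EMAIL = """From: Microsoft Security <bulletins@microsoft.com>
Subject: Security bulletin summary

Details of this month's patches are at https://www.microsoft.com/security
"""

LURE_WORDS = ("vulnerability", "flaw", "patch", "fix", "security update")  # assumed list
BRAND_TYPOS = re.compile(r"\bmicrosoft\s+coorp\b", re.I)  # the typo quoted in the article
URL_RE = re.compile(r"https?://[^\s<>\"']+")
LEGIT_SUFFIXES = ("microsoft.com",)  # assumed allow-list for "fix" links

def is_legit_host(host):
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in LEGIT_SUFFIXES)

def score_patch_lure(raw):
    """Return the phishing indicators found in one raw RFC 822 message (heuristic only)."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    lowered = (msg.get("Subject", "") + "\n" + body).lower()
    reasons = []
    # Does the message pose as a Microsoft security-fix notification?
    poses_as_fix = "microsoft" in lowered and any(w in lowered for w in LURE_WORDS)
    if BRAND_TYPOS.search(msg.get("From", "") + "\n" + body):
        reasons.append("misspelled vendor name")
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if poses_as_fix and not is_legit_host(host):
            reasons.append(f"'fix' link points off-brand: {host}")
        if url.lower().endswith(".exe"):
            reasons.append("link fetches an executable directly")
    return reasons
```

Header and link checks are clues, not authentication: a From header is trivially spoofed, so treat the result as a triage score rather than a verdict.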
