« More Faux-Amazon Malware Delivery | Main | Medz Spammer Twits »
Home | The Book | Training | Events | Tools | Stats |
April 14, 2010
Bogus Microsoft Infection AlertI wanted to write about this yesterday, but had my head up my computer for the past 48 hours working on one stinking bug. Speaking of squashing bugs, the author of the malware delivery vehicle described here deserves a big ol' stompin'.
Here's the message:
From: "Microsoft Team" <support@microsoft.com>
Subject: Conflicker.B Infection Alert
Dear Microsoft Customer,
Starting 12/11/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected.
To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.
Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.
Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division
The message included an attachment named start.zip (identical in the two samples I saw).
Microsoft, of course, doesn't send out email messages like this — especially with an error in naming the worm in the Subject: line. Also, a very similar message without an attachment circulated last week. It featured a link that led to a scareware page (a page that tries to make you think your PC is infected so you'll buy a PC cleaner package to be safe). If you fall for this trick, the cleaning software is actually a massively invasive Trojan. You might as well ship your PC and all login credentials to Eastern Europe to save time. I'm sure the attachment included with the messages I saw lead to the same end.
Posted on April 14, 2010 at 03:42 PM