Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

Timing is everything when it comes to event-based social engineering attacks.

A currently spamvertised malware campaign is brand-jacking Microsoft's Patch Tuesday for ZeuS crimeware serving purposes. What's particularly interesting about the campaign, first observed on May 6th, is that the email message is localized to a second language in an attempt to better targeted the spamvertised audience. Moreover, the campaign is relying on a compromised domain for hosting the actual ZeuS binary.

Sample subject: URGENT: Critical Security Update

Sample download: SECURITY_FIX_0231.exe

Sample message: Dear Microsoft Customer,

Please notice that Micraosoft company has recently issued a Security Updaate for Microsoft Windows OS. The Security Update is to prevent malicious users from getting access to your computer files.

The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft XP, Microsoft Windows 7.

Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update. Since public distribution of this Update through the official website have result in efficient creation of malicious software, we made a decision to issue this security update via e-mail.

Users are advised to avoid interacting with suspicious links and email attachments found in email messages.