Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

Summary: A currently spamvertised malware campaign is brand-jacking Microsoft's Patch Tuesday for ZeuS crimeware serving purposes.

SHARE:

Timing is everything when it comes to event-based social engineering attacks.

A currently spamvertised malware campaign is brand-jacking Microsoft's Patch Tuesday for ZeuS crimeware serving purposes. What's particularly interesting about the campaign, first observed on May 6th, is that the email message is localized to a second language in an attempt to better targeted the spamvertised audience. Moreover, the campaign is relying on a compromised domain for hosting the actual ZeuS binary.

Sample subject: URGENT: Critical Security Update

Sample download: SECURITY_FIX_0231.exe

Sample message: Dear Microsoft Customer,

Please notice that Micraosoft company has recently issued a Security Updaate for Microsoft Windows OS. The Security Update is to prevent malicious users from getting access to your computer files.

The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft XP, Microsoft Windows 7.

Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update. Since public distribution of this Update through the official website have result in efficient creation of malicious software, we made a decision to issue this security update via e-mail.

Users are advised to avoid interacting with suspicious links and email attachments found in email messages.

Topics: Security, Collaboration, Malware, Microsoft, Social Enterprise

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

21 comments
Log in or register to join the discussion
  • Message has been deleted.

    evil9
    • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

      What???s particularly interesting about the campaign, first observed on May 6th, is that the email message is localized to a second language in an attempt to better targeted the spamvertised audience. Moreover, the campaign is relying on a compromised domain for hosting the actual ZeuS binary <a href="http://www.graduaciones.banquetesinnova.com">Graduaciones</a>
      user202
  • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

    "Micraosoft"? Really?
    Hallowed are the Ori
    • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

      @Hallowed are the Ori
      And you wouldn?t believe the number of people, that will miss that. Some people will not catch the spelling error, download the malicious program, and run it. This is not something new, so some people must be falling for it.
      Rick_K
      • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

        @Rick_K

        While I agree ... people are pretty computer literacy challeneged ... and some folks will run nearly anything ... weren't you arguing exactly the opposite in the thread about the social engineering scam on MAC Defender?
        noagenda
    • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

      Actually, the misspellings are Danchev's. If you look at the screen shot "Microsoft" and "update" are both spelled correctly. There are other errors and tip-offs that clearly mark the message as fake, but not these misspellings. <br><br>It's disappointing when a journalist doesn't take the time to proofread his own work.
      FRXL
    • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

      @Hallowed are the Ori

      To me, that's a clue that something isn't right in cyberspace.
      Eaglehawk_z
  • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

    That EMail is done so incredibly poorly, I think anyone that falls for it should have all internet access cut off until they can pass a basic literacy and intelligence test.
    dev/null
  • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

    THANK GOD! The security flaw doesn't exist in Vista. LMFAO!
    Imrhien
  • Message has been deleted.

    blind obedience
    • Message has been deleted.

      michael56555@...
    • Message has been deleted.

      bobiroc
    • Message has been deleted.

      clever_boy
  • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

    This one takes an approach I haven't seen before - advising people to avoid the official (Microsoft) web site because that has been a source of malicious software. Talk about sewing confusion. Yes, you have to be pretty lame to fall for something like this, but I don't see any value in blaming the victims. On the other hand, publicizing this may help a few people who would otherwise be sucked in. I mean, many of the people who post on these blogs don't write much better than the author of the e-mail, despite their nose in the air attitude.
    thewhitedog
  • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

    Also, MS is never referred to as Microsoft company, aways corporation.
    veseng
  • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

    hey i have microsoft xp should i download the patch? lol

    That email is so poorly written, plus i dont think microsoft would even still release a patch for windows 98?!?

    People who fall for this and the 419 type scams deserve to have their bank accounts raided
    tempo1983
    • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

      @tempo1983 While I admit that the email is so obviously lame in that it misspells the Microsoft company name and other such bad grammer errors. No one deserves to have their bank accounts raided.
      Computer_User_1024
  • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

    I'm through with "patches" entirely anyway, until they've been vetted by the community.
    jthelw
  • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

    The piece from zdNet does not describe what happened and how it happened before plowing into a bit about what happened. The screenshot at the top does not count because it is too small to read.
    jimmiejo@...
  • Nice euphemism for stupid.

    Social engineering ... L.

    Remember the Amish Virus? An email directing you to format the hard drive? That was back in the day when the help desk would would also tell you to format the hard drive so ....

    I don't know, can't really say that anyone who opens *any* attachment in any email is a candidate for a Darwin Award, but it's close.

    Moreso for someone who clicks on a link in a mail when the mail tells you it's going to modify the system.

    But then there are still people who send money to Nigeria.

    So none of this should be surprising.

    Maintaining a computer has become idiot simple, so I guess the old saw about if you make something fool proof they'll just make better fools holds true.
    rmhesche