Must Read: Galaxy Note 8.0 tablet: Beating the iPad mini (review)

Topic: Security

Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

Summary: A currently spamvertised malware campaign is brand-jacking Microsoft's Patch Tuesday for ZeuS crimeware serving purposes.

Dancho Danchev

By for Zero Day |

Timing is everything when it comes to event-based social engineering attacks.

A currently spamvertised malware campaign is brand-jacking Microsoft's Patch Tuesday for ZeuS crimeware serving purposes. What's particularly interesting about the campaign, first observed on May 6th, is that the email message is localized to a second language in an attempt to better targeted the spamvertised audience. Moreover, the campaign is relying on a compromised domain for hosting the actual ZeuS binary.

Sample subject: URGENT: Critical Security Update

Sample download: SECURITY_FIX_0231.exe

Sample message: Dear Microsoft Customer,

Please notice that Micraosoft company has recently issued a Security Updaate for Microsoft Windows OS. The Security Update is to prevent malicious users from getting access to your computer files.

The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft XP, Microsoft Windows 7.

Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update. Since public distribution of this Update through the official website have result in efficient creation of malicious software, we made a decision to issue this security update via e-mail.

Users are advised to avoid interacting with suspicious links and email attachments found in email messages.

Topics: Security, Collaboration, Malware, Microsoft, Social Enterprise

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

21 comments
Log in or register to join the discussion

  • Message has been deleted.

    evil9
    Reply Vote

    • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

      What???s particularly interesting about the campaign, first observed on May 6th, is that the email message is localized to a second language in an attempt to better targeted the spamvertised audience. Moreover, the campaign is relying on a compromised domain for hosting the actual ZeuS binary <a href="http://www.graduaciones.banquetesinnova.com">Graduaciones</a>
      user202
      Reply Vote

  • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

    "Micraosoft"? Really?
    Hallowed are the Ori
    Reply Vote

    • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

      @Hallowed are the Ori
      And you wouldn?t believe the number of people, that will miss that. Some people will not catch the spelling error, download the malicious program, and run it. This is not something new, so some people must be falling for it.
      Rick_K
      Reply Vote

      • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

        @Rick_K

        While I agree ... people are pretty computer literacy challeneged ... and some folks will run nearly anything ... weren't you arguing exactly the opposite in the thread about the social engineering scam on MAC Defender?
        noagenda
        Reply Vote

    • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

      Actually, the misspellings are Danchev's. If you look at the screen shot "Microsoft" and "update" are both spelled correctly. There are other errors and tip-offs that clearly mark the message as fake, but not these misspellings. <br><br>It's disappointing when a journalist doesn't take the time to proofread his own work.
      FRXL
      Reply Vote

    • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

      @Hallowed are the Ori

      To me, that's a clue that something isn't right in cyberspace.
      Eaglehawk_z
      Reply Vote

  • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

    That EMail is done so incredibly poorly, I think anyone that falls for it should have all internet access cut off until they can pass a basic literacy and intelligence test.
    dev/null
    Reply Vote

  • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

    THANK GOD! The security flaw doesn't exist in Vista. LMFAO!
    Imrhien
    Reply Vote

  • Message has been deleted.

    blind obedience
    Reply Vote

    • Message has been deleted.

      michael56555@...
      Reply Vote

    • Message has been deleted.

      bobiroc
      Reply Vote

    • Message has been deleted.

      clever_boy
      Reply Vote

  • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

    This one takes an approach I haven't seen before - advising people to avoid the official (Microsoft) web site because that has been a source of malicious software. Talk about sewing confusion. Yes, you have to be pretty lame to fall for something like this, but I don't see any value in blaming the victims. On the other hand, publicizing this may help a few people who would otherwise be sucked in. I mean, many of the people who post on these blogs don't write much better than the author of the e-mail, despite their nose in the air attitude.
    thewhitedog
    Reply Vote

  • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

    Also, MS is never referred to as Microsoft company, aways corporation.
    veseng
    Reply Vote

  • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

    hey i have microsoft xp should i download the patch? lol

    That email is so poorly written, plus i dont think microsoft would even still release a patch for windows 98?!?

    People who fall for this and the 419 type scams deserve to have their bank accounts raided
    tempo1983
    Reply Vote

    • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

      @tempo1983 While I admit that the email is so obviously lame in that it misspells the Microsoft company name and other such bad grammer errors. No one deserves to have their bank accounts raided.
      Computer_User_1024
      Reply Vote

  • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

    I'm through with "patches" entirely anyway, until they've been vetted by the community.
    jthelw
    Reply Vote

  • RE: Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

    The piece from zdNet does not describe what happened and how it happened before plowing into a bit about what happened. The screenshot at the top does not count because it is too small to read.
    jimmiejo@...
    Reply Vote

  • Nice euphemism for stupid.

    Social engineering ... L.

    Remember the Amish Virus? An email directing you to format the hard drive? That was back in the day when the help desk would would also tell you to format the hard drive so ....

    I don't know, can't really say that anyone who opens *any* attachment in any email is a candidate for a Darwin Award, but it's close.

    Moreso for someone who clicks on a link in a mail when the mail tells you it's going to modify the system.

    But then there are still people who send money to Nigeria.

    So none of this should be surprising.

    Maintaining a computer has become idiot simple, so I guess the old saw about if you make something fool proof they'll just make better fools holds true.
    rmhesche
    Reply Vote
CNET Join | Log In | Privacy | Cookies Close