madison

Zero Day

Ryan Naraine and Dancho Danchev
Home / News & Blogs / Zero Day

Fake Microsoft Patch Tuesday emails lead to ZeuS crimeware

By | May 12, 2011, 7:08am PDT

Summary: A currently spamvertised malware campaign is brand-jacking Microsoft’s Patch Tuesday for ZeuS crimeware serving purposes.

Timing is everything when it comes to event-based social engineering attacks.

A currently spamvertised malware campaign is brand-jacking Microsoft’s Patch Tuesday for ZeuS crimeware serving purposes. What’s particularly interesting about the campaign, first observed on May 6th, is that the email message is localized to a second language in an attempt to better targeted the spamvertised audience. Moreover, the campaign is relying on a compromised domain for hosting the actual ZeuS binary.

Sample subject: URGENT: Critical Security Update

Sample download: SECURITY_FIX_0231.exe

Sample message: Dear Microsoft Customer,

Please notice that Micraosoft company has recently issued a Security Updaate for Microsoft Windows OS. The Security Update is to prevent malicious users from getting access to your computer files.

The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft XP, Microsoft Windows 7.

Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update. Since public distribution of this Update through the official website have result in efficient creation of malicious software, we made a decision to issue this security update via e-mail.

Users are advised to avoid interacting with suspicious links and email attachments found in email messages.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Security, Malware, Crimeware, ZeuS, Social Engineering, Microsoft Corp., E-mail, Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Disclosure

Dancho Danchev

More details on Dancho Danchev's current and past professional affiliations, can be found in his LinkedIn profile.

Biography

Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis. More details on Dancho Danchev's current and past professional affiliations, can be found in his LinkedIn profile. You can also follow him on Twitter

Talkback Most Recent of 23 Talkback(s)

View More Comments

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
Click Here

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources