Fake Windows security patches and rogue iPod invoices have been making the
rounds this week as spammers continue trying to fool people into installing
Trojans on their PCs.
Internet threat-monitoring firm Websense issued an advisory on Wednesday about
a fake e-mail that encourages recipients to install a patch to fix a Windows
vulnerability described in Microsoft security bulletin MS05-039.
According to Websense country manager Joel Camissar, the e-mail is likely to
have some success because it exploits users' fears that their systems may be
"People are still falling for this. It is very easy for a hacker to take
advantage of the fear created in the marketplace," Camissar said.
He said users may fall for the scam because they want to "make sure their
system is patched to protect it from being infected by all these nasties."
The scam is a technical improvement on early attempts to trick users into
installing Trojans because it rides on the back of an actual vulnerability that
was patched by Microsoft earlier this month.
Antivirus firm Sophos warned consumers on Wednesday that spammers are sending out
fake "order tracking" e-mails that claim the recipient will soon receive an
Apple Computer iPod by Fed-Ex and around $500 has been debited from their e-gold
According to Sophos, the e-mail arrives with a subject line that says "Track
your order" and the e-mail contains the following text:
Dear *e-mail address*,
Please read the following message carefully.
We notify that your order was approved and shipped to you via FedEx 2Day
Service, track 792531968828.
The amount of $479.95 USD was recieved from your e-gold account. The details
of transaction and specification of chosen product we send you in
self-extracting compressed-zip file.
Read it carefully to make sure that there's no mistakes in characteristics of
chosen product. We appreciate your choice!
According to the rules, refund must be based on your original method of
payment. Any requests to refund using e-gold are not accepted if the payment
method was credit card.
IPod For Your, Yahoo Shopping.
The e-mail contains an attachment called OrderInf.zip, which if unpacked
contains an executable file called OrderInfo.exe. Once executed, the file
attempts to download further malware from the Internet.
Graham Cluley, senior technology consultant for Sophos, said in a statement
that the e-mail shouldn't be too difficult to spot. "With luck the spelling
mistakes in the e-mail will warn many users that there is something not quite
right...Additionally, anyone who doesn't use e-gold should be able to smell a
rat when it is claimed that almost $500 has been taken from their account."