Windows patch, iPod exploited in e-mail scams

Fake patches, rogue invoices make the rounds as spammers keep trying to fool people into installing Trojans on their PCs.
Written by Munir Kotadia, Contributor

Fake Windows security patches and rogue iPod invoices have been making the rounds this week as spammers continue trying to fool people into installing Trojans on their PCs.

Internet threat-monitoring firm Websense issued an advisory on Wednesday about a fake e-mail that encourages recipients to install a patch to fix a Windows vulnerability described in Microsoft security bulletin MS05-039.

According to Websense country manager Joel Camissar, the e-mail is likely to have some success because it exploits users' fears that their systems may be vulnerable.

"People are still falling for this. It is very easy for a hacker to take advantage of the fear created in the marketplace," Camissar said.

He said users may fall for the scam because they want to "make sure their system is patched to protect it from being infected by all these nasties."

The scam is a technical improvement on early attempts to trick users into installing Trojans because it rides on the back of an actual vulnerability that was patched by Microsoft earlier this month.

Antivirus firm Sophos warned consumers on Wednesday that spammers are sending out fake "order tracking" e-mails that claim the recipient will soon receive an Apple Computer iPod by FedEx and that around $500 has been debited from their e-gold account.

According to Sophos, the e-mail arrives with a subject line that says "Track your order" and the e-mail contains the following text:

Dear *e-mail address*,

Please read the following message carefully.

We notify that your order was approved and shipped to you via FedEx 2Day Service, track 792531968828.

The amount of $479.95 USD was recieved from your e-gold account. The details of transaction and specification of chosen product we send you in self-extracting compressed-zip file.

Read it carefully to make sure that there's no mistakes in characteristics of chosen product. We appreciate your choice!

According to the rules, refund must be based on your original method of payment. Any requests to refund using e-gold are not accepted if the payment method was credit card.

IPod For Your, Yahoo Shopping.

The e-mail contains an attachment called OrderInf.zip, which if unpacked contains an executable file called OrderInfo.exe. Once executed, the file attempts to download further malware from the Internet.

Graham Cluley, senior technology consultant for Sophos, said in a statement that the e-mail shouldn't be too difficult to spot. "With luck the spelling mistakes in the e-mail will warn many users that there is something not quite right... Additionally, anyone who doesn't use e-gold should be able to smell a rat when it is claimed that almost $500 has been taken from their account."
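A mail filter can catch the delivery method Sophos describes, an executable packed inside a ZIP attachment, without relying on users to spot the spelling mistakes. The following is an added example, not code from Sophos, Websense or the original article; the function names, the extension list and the sample message are constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumed, non-exhaustive list of extensions Windows runs directly.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}

def find_executables_in_zip_attachments(raw_message):
    """Return (attachment name, archive member) pairs for executables in ZIP attachments."""
    findings = []
    for part in message_from_bytes(raw_message).walk():
        filename = part.get_filename()
        payload = part.get_payload(decode=True)  # None for multipart containers
        if not filename or not payload:
            continue
        data = io.BytesIO(payload)
        # Check the content itself; the file name and MIME type are sender-controlled.
        if not zipfile.is_zipfile(data):
            continue
        try:
            with zipfile.ZipFile(data) as archive:
                members = archive.namelist()
        except zipfile.BadZipFile:
            findings.append((filename, "<unreadable archive>"))
            continue
        for member in members:
            if os.path.splitext(member)[1].lower() in EXECUTABLE_EXTS:
                findings.append((filename, member))
    return findings

def build_sample(member_name="OrderInfo.exe"):
    """Constructed message shaped like the one in the article.
    The archive member holds placeholder text, not a real binary."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, b"placeholder text, not a real binary")
    msg = EmailMessage()
    msg["Subject"] = "Track your order"
    msg["To"] = "recipient@example.com"
    msg.set_content("Constructed sample body.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="OrderInf.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(find_executables_in_zip_attachments(build_sample()))
```

The check reads only the archive's file listing and never extracts or runs a member, so it is safe to apply to untrusted mail.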
