Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43434
  • Total Topics: 16528
  • Online today: 3056
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 3
Guests: 3003
Total: 3006









Author Topic: Fake Microsoft Outlook Update Installs Trojan Bredolab.Y (Rogue AV SecurityTool)  (Read 3663 times)

0 Members and 2 Guests are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


A malicious spam campaign caught by Panda Labs is using a fake Microsoft Update notice to trick victims into installing a Trojan. While well crafted, the attack still provides dead giveaways.

The e-mail, which Panda posts with a screen shot, is spoofed to look as if it comes from Microsoft Support: http://pandalabs.pandasecurity.com/microsoft-support-informs-you%E2%80%A6/
With a realistic-looking subject and e-mail body that attempts to piggy-back on the constant (and correct) advice to keep your computer up-to-date with patches, it's a great example of a social engineering attack.

But despite the lack of any obvious typos or grammatical errors, the e-mail does contain some clear clues. First, neither Microsoft nor any other company I know of sends patches or updates as e-mail attachments. But unless you happen to follow the breathless excitement of Patch Tuesdays, you might not pick up on that clue.

Which leaves the second giveaway: There's an attachment. Any file riding along with an e-mail should automatically draw your suspicious eye. Even if your antivirus app allows an attachment through, it's still a great idea to upload the file to: http://VirusTotal.com for a quick additional scan from about 40 other antivirus engines. Unless the attachment is a small-scale targeted attack, there's very good odds that at least some of the engines at the site will ID the threat.

In this case, Panda says unzipping and running the attached .exe would install the Bredolab.Y Trojan. And as an extra added bonus, it will also download a rogue antivirus program called SecurityTool.

(PCW)

Samker's Computer Forum - SCforum.info


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023