Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Fake MS updates - archive

  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Fake MS updates - archive

    FYI...

    - http://www.f-secure.com/weblog/archives/00001308.html
    November 1, 2007 - "Some malware authors are still fond of using the good old techniques to spread their wares. One of these techniques is to send e-mail messages with "Security Updates", released by a well-known software vendor.
    Today we received multiple reports about a message claiming to be a "Critical Security Update" from Microsoft. The message had a ZIP archive with a trojan downloader inside. To become infected a user needs to extract the trojan's file and to run it..."

    (Screenshot available at the URL above.)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down (Another) fake 'MS update'...

    FYI... (It continues because this fraud works! Spread the word!)

    - http://sunbeltblog.blogspot.com/2008...ms-update.html
    January 21, 2008
    "...(another) fake 'MS update' spam seen in the wild today... Payload is IRC.Backdoor.Trojan..."

    (Screenshot available at the URL above.)

    >>> http://www.microsoft.com/protect/you...g/msemail.mspx

    Last edited by AplusWebMaster; 2008-01-21 at 22:55.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #3
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation

    They just keep comin'...

    Spotted in the wild: Rogue Microsoft Update site
    > http://www.f-secure.com/weblog/archives/00001374.html
    February 6, 2008 - "Watch out for this one. It's -not- the real Microsoft Update site... Note the real url (cfm48.com) and the spelling errors ("Please intall"). If you click the Urgent Install button, you get a file called WindowsUpdateAgent30-x86-x64.exe. Which is not signed by Microsoft. This is a fast flux site and uses a wide range of IP addresses..."

    (Screenshots available at the URL above.)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #4
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down

    FYI...

    - http://blog.trendmicro.com/before-pa...-were-malware/
    April 6, 2008 - "...A new spam run emerges as a threat to Web users before Microsoft’s Patch Tuesday. And not because it exploits soon-to-be named vulnerabilities. What this spamming operation takes advantage of is the anticipation itself for the release of patches by Microsoft... The email, which first of all claims to be sent by Microsoft itself, informs users of a zero-day vulnerability in all versions of Microsoft Outlook and Microsoft Exchange Servers and asks users to download a patch to fix the bug. Installation of the patch is said to prevent systems from being compromised or exploited by malicious users. To install the said “patch” would mean system infection..."

    (Screenshot available at the URL above.)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #5
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down

    FYI...

    - http://www.us-cert.gov/current/#emai...ng_microsoft_s
    April 7, 2008 - " US-CERT has seen reports of an email attack targeting Microsoft's April Security Bulletin release cycle. This attack arrives via email messages with the subject line "Critical Patch Released: Microsoft Security Bulletin MS08-64738." These email messages contain a link to a fraudulent Microsoft Update web site that hosts malicious code or contains an attachment that is embedded with malicious code. Users who follow the link or open the attachment may become infected with a Trojan..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #6
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down

    FYI...

    - http://blog.trendmicro.com/bogus-mic...file-infector/
    May 31, 2008 - "Even though Patch Tuesday is still two weeks from now, crimeware authors are already sending out fake Microsoft “critical updates.” The TrendLabs Content Security Team recently found a hoax purporting to be from Microsoft that urges users to update their computers due to a “critical security issue”. The email, which has the subject heading Important update from Microsoft Windows XP/2003 Professional Service Pack 2(KB946026), urges recipients to install the latest security update to avoid a successful attack which could result in comprising the recipinets’s PC. If the unlucky victim clicks on the file name, WINDOWS-KB946026-X86-ENU, they won’t be getting any security patch — but rather, malware detected by Trend Micro as PE_VIRUT.XZ. PE_VIRUT.XZ is a pretty old variant that appends its code to EXE and SCR files, making a pretty big mess depending on where it is executed..."

    (Screenshot available at the URL above.)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #7
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down

    Once again - more...

    Fake Microsoft patch SPAM
    - http://securitylabs.websense.com/con...erts/3122.aspx
    06.30.2008 - "Websense... has discovered a substantial number of spam messages utilizing a reliable social engineering trick that lures users to download a Microsoft critical security update... The message uses an open redirect at the legitimate shopping site shopping.***.com; the redirect forwards users to a malicious URL offering to download a malicious executable. The malicious hostname is a lengthy one embedding 62 characters, and uses the sub-domain update.microsoft.com. Users who open this file will have their desktop infected with a Backdoor... An interesting trait of this particular attack is that the malicious top level domain is pointing to the government site of the United States Secret Service - The Electronic Crimes Tasks Forces Web site in an apparent attempt to work around IP reputation-based systems... It is important to add that Microsoft -never- sends security update notifications through emails..."

    (Screenshots available at the URL above.)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #8
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Fake IE 7 update SPAM...

    FYI...

    Fake IE 7 update SPAM...
    - http://isc.sans.org/diary.html?storyid=4852
    Last Updated: 2008-08-10 09:56:42 UTC - "A number of readers have alerted us to a round of IE7 update spam being sent out. The e-mails read:

    "You are receiving this e-mail because you subscribed to MSN Featured Offers. Microsoft respects your privacy. If you do not wish to receive this MSN Featured Offers e-mail, please click the "Unsubscribe" link below. This will not unsubscribe you from e-mail communications from third-party advertisers that may appear in MSN Feature Offers. This shall not constitute an offer by MSN. MSN shall not be responsible or liable for the advertisers' content nor any of the goods or service advertised. Prices and item availability subject to change without notice."

    Well, true enough Microsoft will not be responsible as its not from them! (Shock / Horror). For the sample we received, VT has good coverage:
    - http://www.virustotal.com/analisis/1...a8542a90401b6f ..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #9
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Bogus IE7 and MSRT - SPAM

    FYI...

    Bogus IE7 and MSRT - SPAM
    - http://blog.trendmicro.com/bogus-msn...ious-software/
    August 12, 2008 - "Spam claiming to be from Microsoft and offering download links to Internet Explorer 7.0 and Windows Malicious Software Removal Tool appear in the wild... To buy themselves some credibility, spammers added what seems to be a disclaimer from MSN Featured Offers, which is a newsletter service by MSN, where users subscribe to “offers” from a number of categories. MSN then sends certain discounts and offers to the subscribers depending on the category they have chosen. Upon clicking the links, malicious files are downloaded onto the user’s system. Trend Micro detects the downloaded files as TROJ_RENO.ADX and TROJ_MONDER.HM..."

    (Screenshot available at the URL above.)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #10
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Fake MSRT...

    FYI...

    Fake MSRT...
    - http://preview.tinyurl.com/l28pj7
    June 12 2009 CA Security Advisor blog - "CA ISBU Research Lab receives a large number of malicious samples on a daily basis, many of which are found to be Rogue Antivirus applications belonging to the extremely prevalent malware family, Win32/FakeAV... this variant imitates Microsoft Windows Malicious Software Removal Tool (MSRT), as well as promoting Microsoft Office upgrade and other trusted Antivirus products.
    Fake Microsoft MSRT Warnings
    When the installation package is executed, it will display the fake alert in the system tray... Then, it will display the fake GUI for Microsoft Windows Malicious Software Removal Tool scanning your system and it will display the scan result... (also) imitates the Windows Security Center..."

    (Screenshots available at the URL above.)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •