Computer Trojans Advertised as Microsoft Security Updates
Wednesday, July 8, 2009
Security researchers from CA and Sophos warn of two malware distribution campaigns that try to pass Trojans off as Microsoft security updates. One claims to be a Conficker removal program, while the other masquerades as an update for Microsoft Outlook and Outlook Express.

"Researchers at Microsoft have worked closely with Symantec, the makers of Norton Antivirus and a tool to remove conflicker [sic.] Virus," the malicious e-mails intercepted by CA read. "You must be advised to immediately download and run the tool to remove the link below to ensure that you are not infected [...]," they continue.

The download link starts with windowsupdate.microsoft.com, but is actually on a "dot ru" domain name. "The e-mail is from Microsoft [dot] ssl [dot] com, whose IP address is 38.100.66.185. The IP address is from a server in Texas and is a Microsoft server," Rossano Ferraris, research engineer at CA Internet Security Business Unit, notes.

Users who visit the link are prompted to download a file named remtool_conf.exe, which, when executed, presents a Symantec EULA and offers to start scanning the computer. Instead of carrying out a malware scan, the application contacts another host, from which it downloads winupdate.exe, identified by CA as Delphi project CX. The counterfeit removal tool is detected as Fake Scan A.

"Although there is a reduction in the number of fake Microsoft Update e-mails, the fake e-mails are more sophisticated and use very high-profile social engineering techniques to attract and trap people," Mr. Ferraris warns.

Meanwhile, Julie Yeats, a malware analyst at antivirus vendor Sophos, describes a similar campaign aimed at users of the Microsoft Outlook and Outlook Express mail clients. "Microsoft has released an update for Microsoft Outlook / Outlook Express. The update is critical and offers the latest version of Microsoft Outlook / Outlook Express and provides maximum stability and security," the message reads.

The accompanying officexp-KB910721-fullfile-enu.exe is an installer for Trojan / Spy-CU. "It seems reasonable, the spelling and grammar are surprisingly accurate for malware authors, but as always, you must be careful when it comes to e-mail attachments," Ms. Yeats warns.

Windows users are advised to obtain security patches through Automatic Updates or to download them directly from Microsoft's website.

Labels: News, Trojan
by Sajin George on 4:19 PM
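
The article's two lures both put the Microsoft name in a host that does not belong to Microsoft: a link that starts with windowsupdate.microsoft.com but sits under another domain, and a sender host of the form Microsoft [dot] ssl [dot] com. The following check for that pattern is an added example, not code from the article, CA or Sophos; the trusted-domain list, the brand label, the function names and the `.example` host in the sample message are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this example: the domains treated as genuine, and the brand
# label whose presence in any other host name is suspicious.
TRUSTED_DOMAINS = ("microsoft.com",)
BRAND_LABELS = ("microsoft",)

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def refang(text):
    """Turn defanged notation such as 'ssl [dot] com' back into 'ssl.com'."""
    return re.sub(r"\s*\[dot\]\s*", ".", text, flags=re.IGNORECASE)


def classify_host(host):
    """Return 'trusted', 'lookalike' or 'other' for a host name."""
    host = refang(host).strip().rstrip(".").lower()
    # Trusted only if the host IS the domain or ends with '.<domain>'.
    # A host that merely starts with the trusted name fails this test.
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # Brand name used as a label under someone else's domain.
    if any(label in BRAND_LABELS for label in host.split(".")):
        return "lookalike"
    return "other"


def suspicious_links(message):
    """Return (url, host) pairs in a message whose host is a lookalike."""
    hits = []
    for url in URL_RE.findall(message):
        host = urlsplit(url).hostname or ""
        if classify_host(host) == "lookalike":
            hits.append((url, host))
    return hits


# Constructed sample message; the '.example' host stands in for the real one,
# which the article does not give in full.
SAMPLE = (
    "Download the removal tool: "
    "http://windowsupdate.microsoft.com.lookalike.example/remtool_conf.exe\n"
    "More information: http://windowsupdate.microsoft.com/\n"
)

if __name__ == "__main__":
    for url, host in suspicious_links(SAMPLE):
        print("lookalike host:", host, "in", url)
```

The comparison is made on the right-hand end of the host name, because that is the part the domain owner controls; everything to the left of it can be chosen freely by whoever registered the domain.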