October 14, 2008 8:10 PM PDT

Fake Microsoft e-mail contains Trojan virus

by Steven Musil

Along with the vulnerabilities that Microsoft patched Tuesday, the software giant's customers have a new problem to grapple with: a fake notification e-mail that looks remarkably legitimate.

Attackers are apparently taking advantage of Microsoft's Patch Tuesday to send legitimate-looking e-mails that include a Trojan virus. Trojan.Backdoor.Haxdoor allows attackers to execute files and steal information from compromised computers. The fake mailing includes a legitimate-looking PGP signature and purports to come from a real Microsoft employee.

Christopher Budd, a security program manager in the Microsoft Security Response Center, offers this perspective on the e-mails in a security posting:

"We received some questions from customers about an e-mail that's circulating that claims to be a security e-mail from Microsoft. The e-mail comes with an attached executable, which it claims is the latest security update, and encourages the recipient to run the attached executable so they can be safe. While malicious e-mails posing as Microsoft security notifications with attached malware aren't new (we've seen this problem for several years) this particular one is a bit different in that it claims to be signed by our own Steve Lipner and has what appears to be a PGP signature block attached to it. While those are clever attempts to increase the credibility of the mail, I can tell you categorically that this is not a legitimate e-mail: it is a piece of malicious spam and the attachment is malware. Specifically, it contains Backdoor:Win32/Haxdoor."

Dancho Danchev at ZDNet's Zero Day ponders whether the timing of this malware campaign will affect its success rate.

"Compared to the recent targeted malware attack against U.S. schools, and the massive fake CNN news items campaign taking advantage of client-side vulnerabilities, this one is definitely going to have a lower success rate--no matter the timing," Danchev writes.

Microsoft's October 2008 security bulletin included four critical bulletins concerning Windows, Internet Explorer, Microsoft Host Integration Server, and Microsoft Excel.

Steven Musil is the night news editor at CNET News. Before joining CNET News in 2000, Steven spent 10 years at various Bay Area newspapers.

by Rialtus October 14, 2008 9:20 PM PDT
This has been happening since, what, 2000 now? Why do people *still* fall for this?
by jaypres October 14, 2008 9:23 PM PDT
Windows tax...
by vmlenigma October 15, 2008 12:50 AM PDT
I Willingly Pay My MAC tax to AVOID these Headaches......chances are someone at MS wrote this Trojan Horse to force their Followers to fork up 99 bucks to protect them from a Product that they BUILT.....talk about screwing the hand that feeds YOU.
by Vegaman_Dan October 15, 2008 10:45 AM PDT
Windows tax? Try end user education. The same types of emails as this also deal with phishing which is OS independent.

Educate people to not open unannounced attachments regardless of the OS.
by bradyme October 15, 2008 3:54 AM PDT
Ah, what's new. Ditch Windows.
by 42istheanswer October 15, 2008 4:41 AM PDT
Geesh, still this happens??? Remember, there is a fresh crop of new Windows users every year. This could go on forever.
by ns01 October 15, 2008 7:12 AM PDT
If you think the email looks "e-mail that looks remarkably legitimate." then I can only assume that you don't speak English as your primary language. The message is filled with grammatical errors that scream fake.

Read the message, how can tortured grammar such as

"Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users."

How can you say that looks legitimate?
by sting7k October 15, 2008 8:10 AM PDT
I don't see how anyone could think that this is real. Since when does MS e-mail people updates to install? There is a program already built in called Windows Update that does all of that for you and downloads directly. Anyone who gets this should only blame themselves.
by goodspeed8701 October 15, 2008 8:46 AM PDT
I can bet that fools will get infected.
by sythara October 15, 2008 8:50 AM PDT
I guess it's not as bad as "Microsoft tracking an email you send to 10 people and then sending you money" email.
by jandler October 15, 2008 12:58 PM PDT
All the dumb dumb who actually fall for this are flocking to Mac like zombie...hahahahah...


Seriously, these are the same kind of social engineering à la Nigerian fraud that people had used to prey on people. Due to lack of education, some people fall for these things.
by gggg sssss October 15, 2008 2:35 PM PDT
The email is obviously written by someone in India - but most MS stuff probably is as well.
by neenahmd December 10, 2008 4:46 AM PST
I got this email today and am frankly a bit concerned. I have had this account forever and they have never once asked for anything like this, which is why I believe it's a fake. I am always getting fake stuff by people pretending to be PayPal, so what I would like to know is: is this real or is it a hoax?


Dear Account User,

You are advice to verify your account details below to enable us upgrade your account. E.G Your Mail ID, Password, Date Of Birth etc.

In failure of doing this, you will Automatically lose your Mail Account.

Thanks for using Online Mail Accounts.


VERIFY YOUR ONLINE MAIL ACCOUNT NOW TO AVOID CLOSE!!!


Dear Account User,

This message is from Microsoft message center to all Online account owners and premium account owners. We are currently upgrading our data base and e-mail account center. We are deleting all unused Mail accounts to create more space for new accounts.

To prevent your account from closing, you will have to verify it below before One (1) week from now!

VERIFY YOUR ONLINE MAIL ACCOUNT NOW TO AVOID CLOSE!!!

Mail Account ID:............................................

Password:.........................................................

Your Birthday:.....................................................

Your Country or Territory:............................


Warning!!! Account owner that refuses to update his or her account before One (1) week of receiving this warning will lose his or her account permanently.

Sincerely,
The Microsoft Live Team

--
The information contained in this message is confidential and is intended for the addressee only. If you received this message in error or there are any problems please notify the originator immediately. The
unauthorised use, disclosure, copying or alteration of this message is strictly forbidden. This mail and any attachments have been scanned for viruses prior to leaving the network. The ONLINE ACCOUNT UPGRADING UNIT will not be liable for direct, special indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on.
by anitaescott January 4, 2009 5:21 PM PST
so how do you get rid of it