August 31, 2006 11:47 AM PDT

Windows patch, iPod exploited in e-mail scams

Fake Windows security patches and rogue iPod invoices have been making the rounds this week as spammers continue trying to fool people into installing Trojans on their PCs.

Internet threat-monitoring firm Websense issued an advisory on Wednesday about a fake e-mail that encourages recipients to install a patch to fix a Windows vulnerability described in Microsoft security bulletin MS05-039.

According to Websense country manager Joel Camissar, the e-mail is likely to have some success because it exploits users' fears that their systems may be vulnerable.

"People are still falling for this. It is very easy for a hacker to take advantage of the fear created in the marketplace," Camissar said.

He said users may fall for the scam because they want to "make sure their system is patched to protect it from being infected by all these nasties."

The scam is a technical improvement on early attempts to trick users into installing Trojans because it rides on the back of an actual vulnerability that was patched by Microsoft earlier this month.

Antivirus firm Sophos warned consumers on Wednesday that spammers are sending out fake "order tracking" e-mails that claim the recipient will soon receive an Apple Computer iPod by Fed-Ex and around $500 has been debited from their e-gold account.

According to Sophos, the e-mail arrives with a subject line that says "Track your order" and the e-mail contains the following text:

Dear *e-mail address*,

Please read the following message carefully.

We notify that your order was approved and shipped to you via FedEx 2Day Service, track 792531968828.

The amount of $479.95 USD was recieved from your e-gold account. The details of transaction and specification of chosen product we send you in self-extracting compressed-zip file.

Read it carefully to make sure that there's no mistakes in characteristics of chosen product. We appreciate your choice!

According to the rules, refund must be based on your original method of payment. Any requests to refund using e-gold are not accepted if the payment method was credit card.

IPod For Your, Yahoo Shopping.

The e-mail contains an attachment called OrderInf.zip, which if unpacked contains an executable file called OrderInfo.exe. Once executed, the file attempts to download further malware from the Internet.

Graham Cluley, senior technology consultant for Sophos, said in a statement that the e-mail shouldn't be too difficult to spot. "With luck the spelling mistakes in the e-mail will warn many users that there is something not quite right...Additionally, anyone who doesn't use e-gold should be able to smell a rat when it is claimed that almost $500 has been taken from their account."

Munir Kotadia reported for ZDNet Australia.

Scams
You know, it seems to me that after so many years of these scams that there are a lot of dumb people out there that keep falling for them.

Also, when the government catches some of these scammers etc, perhaps a public execution or two will solve the problem.
Posted by wookielookin (13 comments )
Education down the tubes
I remember waaaaaaay back (in Internet years; it was actually 10 years ago) when computer user groups served as training resources for many newbies. In our PC user group in Hawaii, much of our 500 or so members were very computer savvy. This is because we held many Internet education workshops and fixit clinics. Much of the focus on Internet education was basically to develop "defensive surfing" skills, so that in case you ran into a situation you weren't taught previously, you could somehow use your instincts to pick the right solution.

You don't see this anymore. People are buying computers at dirt cheap prices, and treat these "appliances" as if they were a radio or a VCR. I think maybe when computers were $2000 or more, these people made a point to learn how to effectively use the computer. But today, people who buy computers haven't received any formal computer and Internet training. As a matter of fact, my user group shut down about a year ago because we had no new members signing up.

That's basically why, even though the population of people on the Internet increases, the savviness of these users is actually next to nothing. Now you add in these e-mail exploits. Because these users don't have the sense to detect BS when they read it, these exploits become more effective. To me, this is totally backwards; you'd think that as computers become more and more a part of everyday life, the population in general is getting smarter. But they're not getting smarter.

Just look at your average college student's laptop. It's a total mess! I re-built several laptops as favors for some of the military officers at my command - all of them owned by their kids. And none of them could be repaired without re-formatting the hard drive. These are teenagers now. They're supposed to know more about computers than their parents. I thought these kids were required to receive computer education before graduating (at least at my HS it was required). But based on several non-scientific surveys I've thrown out there at various forums on the 'net, NO ONE has ever taken a course in computers.

In summary, it's just going to get worse. As FUD becomes more and more of a common thing, these exploits will become even more effective.
Posted by groink_hi (380 comments )
Sure, blame the user!
There's no doubt that these scams rely on user ignorance, but if
the computer they were using had some basic amount of
security, they couldn't succeed.

I suppose it's the user's fault that they're using Windows, but if
we're honestly looking for the source of the problem, we have to
blame computer consultants and IT people. These are the ones
pushing ignorant users to buy Windows, so they can claim the
pot of gold Windows problem leaves for them in the form of
billable consulting hours.

It's a perfect vicious circle. Computer techs make money from
computer problems. Windows creates problems, making it easy
for them to make money, so they're not about to recommend
anything else. Average computer users listen to their
consultants, so they buy Windows and we're back where we
started.
Posted by Macsaresafer (802 comments )
PC user group in Hawaii
http://www.analogstereo.com/apple_ipod_commercial.htm
Posted by Ipod Apple (152 comments )
Who's the sender?
Ideally, we simply wouldn't open any email from unknown senders... but that isn't always possible, especially in a business setting when we're forced to communicate with unknown entities on a daily basis.
What it will come down to is user education (http://essentialsecurity.com/Documents/article7.htm) and appropriate security software. So those are two points every business and individual should hit... At the very least, no attachment should ever be opened unless you know who sent it!
Posted by ml_ess (71 comments )
You can lead a horse to water...
All the advice and education in the world is not going to help because most people simply ignore it or forget it. Social engineering scams will always have a reasonable percentage hit rate.
I'm not anti Windows - It's the "little learning" problem which makes users think they know what they are doing. Windows doesn't break Windows - Windows users break Windows. If the world used Linux then those same users would break Linux as well.
You just have to look at the number of iPod wearers out there to realise that consumer spending is not based on value or quality - just fashion!
Posted by Jelly Baby (34 comments )
Patch Authentication
If Microsoft CANNOT authenticate their own patches... they deserve to be ram-rodded by rogue patches!

Proper Authentication is the key to many security problems.

Walt
Posted by wbenton (522 comments )