Fake Microsoft Outlook Patch In the Wild

Starting yesterday (June 26th) we started to see yet another low volume malware attack originating via spam email. This time the spam posed as a patch to Microsoft Outlook which linked out to a malicious site (4 sites hosting the trojan have been identified at the time of this posting) which when accessed would covertly download a trojan (You didn't really think it was going to download a patch, did you? :) ) onto your PC which opens up a back door into the computer for other hackers to use (the actual net effects of this backdoor have not yet been made known).

This attack, like the BBB, IRS, FTC, and Proforma outbreaks over the past 4 weeks was targetted. The name of the person who the email was being sent to (or sometimes their company name) was insert into the message body.

Similar to the FTC scam, this message was also somewhat sloppy in its composition. It has several grammatical errors within the message body.

Within the message there is also a license key which is solely used as an effort to make the message look authentic. This format of this license key does not follow the standard format for neither Microsoft Windows XP nor Outlook license keys (that's a subtlety though that many may not have picked up on). Similar to the government scams which used the logos of the agency being spoofed within the message body, this new scam brands the message with the Microsoft logo across the top of email.

The Internet Storm Center has a great writeup on this new outbreak as well.

Emails related to this outbreak contain the subject line of "Microsoft Security Bulletin MS07-0065 - Critical Update" and should not be opened. If you receive an email with this subject line or purporting to be a Microsoft Patch, delete it immediately.