A malicious spam campaign caught by Panda Labs is using a fake Microsoft Update notice to trick victims into installing a Trojan. While well crafted, the attack still provides dead giveaways.
The e-mail, which Panda posts with a screen shot, is spoofed to look as if it comes from Microsoft Support. With a realistic-looking subject and e-mail body that attempts to piggy-back on the constant (and correct) advice to keep your computer up-to-date with patches, it’s a great example of a social engineering attack.
But despite the lack of any obvious typos or grammatical errors, the e-mail does contain some clear clues. First, neither Microsoft nor any other company I know of sends patches or updates as e-mail attachments. But unless you happen to follow the breathless excitement of Patch Tuesdays, you might not pick up on that clue.
Which leaves the second giveaway: There’s an attachment. Any file riding along with an e-mail should automatically draw your suspicious eye. Even if your antivirus app allows an attachment through, it’s still a great idea to upload the file to Virustotal.com for a quick additional scan from about 40 other antivirus engines. Unless the attachment is a small-scale targeted attack, there’s very good odds that at least some of the engines at the site will ID the threat.
In this case, Panda says unzipping and running the attached .exe would install the Bredolab.Y Trojan. And as an extra added bonus, it will also download a rogue antivirus program called SecurityTool.