Proofpoint: Email Security Blog


October 23, 2009

Blended Threat Sighting: "Critical Update for Microsoft Outlook" / "Update for Microsoft Outlook / Outlook Express (KB910721)" Malware Email Widely Spammed

So, I haven't personally seen any Windows 7 themed spam or malicious emails reported by other vendors (though I presume our Proofpoint spamtraps are chock full of related badness)... but I'm seeing my personal "spamtrap" type accounts getting hit with a lot of the little lovely pictured at left (click it for full-size sample).

This is another blended threat email trying to trick users into installing the ZBot trojan (just like the "IRS Notice of Underreported Income" spam I reported on recently).

This email purports to be a communication from Microsoft with subject lines like "Critical Update for Microsoft Outlook" or "Microsoft has released an update for Microsoft Outlook."

It goes on to describe a supposedly critical update to Microsoft Outlook / Outlook Express (complete with legitimate-sounding Microsoft knowledge base ID "KB910721") and a link to a complicated-looking Microsoft-type URL.

However, rather than pointing to Microsoft, the destinations for these links are malware sites hosting ZBot. All the ones I've seen were in the .eu domain. Need I even say it? "Don't follow these sorts of links."
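A mail filter can catch this pattern by comparing what each link displays with where it actually goes. The following sketch is an added example, not Proofpoint code; the `TRUSTED` list, the reason labels and the sample hosts under the reserved `.example` TLD are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("microsoft.com",)  # assumption: domains the impersonated brand really uses

def host_of(url):
    """Lower-cased hostname of a URL-like string, or '' if there is none."""
    url = url.strip()
    try:
        return urlsplit(url if "://" in url else "//" + url).hostname or ""
    except ValueError:  # e.g. unbalanced '[' in the authority part
        return ""

def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def audit_links(html):
    """Return [(destination host, [reasons])] for links borrowing a trusted name."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        dest = host_of(href)
        checks = {"text-mismatch": is_trusted(host_of(text)),  # text shows a trusted URL
                  "brand-in-hostname": any(f".{d}." in f".{dest}." for d in TRUSTED)}
        reasons = [name for name, hit in checks.items() if hit]
        if dest and not is_trusted(dest) and reasons:
            findings.append((dest, reasons))
    return findings

CONSTRUCTED_SAMPLE = """<p>please visit Microsoft Update Center:</p>
<a href="http://update.microsoft.com.zz-constructed.example/officeupdate/?id=0">
http://update.microsoft.com/officeupdate/</a>
<a href="http://support.microsoft.com/kb/959318/">KB article</a>
<a href="http://news.zz-constructed.example/">Unsubscribe</a>"""  # constructed; hosts invented
```

Only the first link in the constructed sample is reported: the genuine Microsoft link and the unrelated link that makes no claim to be Microsoft both pass.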

The message itself looks fairly convincing as it's formatted quite a bit like Microsoft's actual online knowledge base pages and, well, it's boring but functional. Of course, Microsoft doesn't go around emailing users with links to updates like this. In fact, Microsoft has been spoofed by such messages for quite some time and there is even a real Microsoft Knowledge Base article - last updated November 5, 2008 - about these types of emails (which have apparently been used to distribute other malware including Haxdoor):

http://support.microsoft.com/kb/959318/

The full text from a sample of this spam message reads as follows:

Update for Microsoft Outlook / Outlook Express (KB910721)

Brief Description

Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical and provides you with the latest version of the Microsoft Outlook / Outlook Express and offers the highest level of security and stability.

Instructions

To install Update for Microsoft Outlook / Outlook Express (KB910721) please visit Microsoft Update Center:

[Link to malware site disguised as Microsoft "Office Update" type link]

Quick Details

File Name: officexp-KB910721-FullFile-ENU.exe
Version: 1.5
Date Published: Fri, 23 Oct 2009 13:42:20 -0300
Language: English
File Size: 100 KB


System Requirements


Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP; Windows Vista


This update applies to the following product: Microsoft Outlook / Outlook Express
