MoMusings

Wednesday 26th July, 2006


Warning! New Virus On The Internet! Update Now!

Filed under: All, Malware

Here’s an interesting e-mail I received this morning, claiming to be sent from ‘update@microsoft.com’ with the subject line of ‘Warning! New Virus On The Internet! Update Now!’.

Sheesh, three exclamation marks in just one line of text; a sure sign of a disturbed mind. Luckily it isn’t mine. ;-)

And what is the e-mail about, apart from trying to make me believe that it’s ‘TEOTWAWKI’ time [The End Of The World As We Know It] again? This time, however, it isn’t a song by R.E.M.

Here’s a screenshot of the e-mail in all its glorious HTML rendering:

You can find a larger version of the screenshot here.

The e-mail looks quite good and very believable. Even the link [there is no attachment to the e-mail] uses a spoofed but believable address, to maximise the chances that the intended victim will click on it and allow the downloaded file to execute, which, according to the e-mail, will protect them from a new virus.

Of course, rather than getting a security update, what the victim is really getting is an infection by new malware. The file is actually a self-extracting RAR file [1], which unpacks itself when run and drops a number of files [13 in this case] onto the system.

Once successfully infected, the system will log in to an IRC channel on one of several ‘undernet.org’ servers, effectively reporting in for duty as part of a botnet.

At the time of writing this, most anti-virus products do NOT detect this. A sample has been sent to them, so most of them should have detection within the next 48 hours.

Right, back to the subject line of the e-mail and the title of this posting: ‘Warning! New Virus On The Internet! Update Now!’ Yes, the sender is correct: there is a new virus [actually a trojan] on the internet, and by following the instructions in the e-mail, you get it [for FREE]. Yes, you infect your computer; you do the dirty work for the bad guys and girls who were too lazy or stupid to do it themselves.

On the subject of new viruses on the internet: there are around 28 new ones each and every day. So, yes, PLEASE update [2]: update Windows, update your anti-virus, update your anti-spyware and update your brain by practising safe-hex. And please stop using anti-virus as an authorisation or file access control solution.

So, just in case you didn’t understand: this e-mail does NOT come from Microsoft and the so-called update is actually malicious. Do NOT click on the link and run the file; you will regret it if you do. Clear enough?


[1] Full details of the file and the contents of it can be found here.
[2] But please use the correct ‘official’ site or update method rather than clicking on links in e-mails.


Please note that this blog has now moved to my own hosted domain here: http://momusings.com/momusings/.
A full RSS/ATOM feed can be found there.

All the data up to the end of December 2006 will be left here, however all postings from the 1st of January 2007 onwards will only be available at this blog’s new home.
ALL future postings will only be available at the new site.
