Fake Windows Security Updates Spread Zeus Trojan

Friday, May 13, 2011



In the run-up to Microsoft's Patch Tuesday, Windows users are being warned of an email spam campaign designed to infect PC's with the Zeus Trojan.

Researchers from the security vendor AppRiver indicate the malware spam operation began on Friday, May 6, and is still actively delivering the fake update alerts.

The emails contain the subject line "URGENT: Critical Security Update", and the following message:

The Security Update is to prevent malicious users from getting access to your computer files. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft XP, Microsoft Windows 7.

Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.

The researchers point out that the attack is poorly constructed, with some of the usual telltale signs, such as poor grammar and the failure to obscure the link destination, which points to a "twotowers.ca" domain and not a Microsoft website.

Another clue to the fraudulent message is the claim that an update is available for Windows versions 98 and 2000, which Microsoft no longer issues support updates for.

Windows users should be aware that Microsoft never issues security updates via email.

The Zeus Trojan is widely hailed as one of the most dangerous pieces of malware to ever surface in the wild, and numerous variants of the malicious code continue to propagate.

The Zeus Trojan can lay dormant for long periods until the user of the infected machine accesses accounts such as those used for online banking. Zeus harvests passwords and authentication codes and then sends them to the attackers remotely.

Earlier this week, security researches noted the release of source code for the Zeus Trojan. The code began to appear over the weekend in underground discussion forums most often used by criminal hackers.

With the Zeus source code now widely available, there is a high likelihood that new variants of the malware will begin showing up in the wild, along with an increase in attack campaigns.

Possibly Related Articles:
Viruses & Malware
Email Microsoft SPAM Trojans malware Attack Windows Zeus Headlines
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.