Windows patch and iPod exploited in e-mail scams

Written by Munir Kotadia, Contributor

Fake Windows security patches and rogue iPod invoices have been making the rounds this week as spammers continue trying to fool people into installing Trojans on their PC.

Internet threat monitoring firm Websense issued an advisory on Wednesday about a fake e-mail that encourages recipients to install a patch to fix a Windows vulnerability described in Microsoft security bulletin MS05-039.

According to Websense country manager Joel Camissar, the e-mail is likely to have some success because it exploits users' fear that their systems may be vulnerable.

"People are still falling for this. It is very easy for a hacker to take advantage of the fear created in the marketplace," said Camissar.

He said users may fall for the scam because they want to "make sure their system is patched to protect it from being infected by all these nasties".

The scam is a technical improvement on early attempts at duping users into installing Trojans because it rides on the back of an actual vulnerability that was patched by Microsoft earlier this month.

"By getting the details right about the type of [vulnerability] it is exploiting users fear that their systems could be exploited," added Camissar.

Phoney iPod order

Antivirus firm Sophos warned users on Wednesday that spammers are sending out fake "order tracking" e-mails that claim the recipient will soon receive an Apple iPod by FedEx and that around US$500 has been debited from their e-gold account.

According to Sophos, the e-mail arrives with a subject line "Track your order" and contains the following text:

Dear *e-mail address*,

Please read the following message carefully.
We notify that your order was approved and shipped to you via FedEx 2Day Service, track 792531968828.
The amount of $479.95 USD was recieved from your e-gold account. The details of transaction and specification of chosen product we send you in self-extracting compressed-zip file.
Read it carefully to make sure that there's no mistakes in characteristics of chosen product. We appreciate your choice!
According to the rules, refund must be based on your original method of payment. Any requests to refund using e-gold are not accepted if the payment method was credit card.
IPod For Your, Yahoo Shopping.

The e-mail contains an attachment called OrderInf.zip, which, if unpacked, contains an executable file called OrderInfo.exe. Once executed, the file attempts to download further malware from the Internet.

Graham Cluley, senior technology consultant for Sophos, said in a statement that the e-mail shouldn't be too difficult to spot: "With luck the spelling mistakes in the e-mail will warn many users that there is something not quite right.... Additionally, anyone who doesn't use e-gold should be able to smell a rat when it is claimed that almost US$500 has been taken from their account."
