Viral, bogus MS bulletins shuttered

By Wendy McAuliffe, ZDNet UK
19 July 2001 09:15 AM
The Web sites of two bogus Microsoft security bulletins have been closed down after they were discovered to contain malicious code that could cripple infected computers.

The two bogus bulletins -- complete with software patches and links to a hoax Web site -- were discovered on July 10. Both contained potentially damaging viruses.

The first virus, nicknamed W32.Pet_Tick.G, arrives as an email with the message, "This is a fix against I-Worm.Magistr." It also contains an executable file attachment entitled "MSVA.EXE." The other phoney bulletin, reported by ZDNet yesterday and dubbed W32.Leave.B.Worm, claims to contain the patch for a serious virus, but instead is itself malicious code.

"This is a cunning piece of psychology to get past the most suspicious PC user," said Graham Cluley, senior technology consultant at anti-virus firm Sophos. "You receive a message that at first glance looks like a Microsoft bulletin, but once executed takes you to the virus distributor's Web site and downloads the malicious component."

Security experts are satisfied that the bogus Web sites have now been removed, and claim it is unlikely that more PCs will be infected with the viruses. Microsoft issued a statement explaining that the Pet Tick worm is easy to spot by its lack of digital signature, and the direct link that it contains to the phoney patch instead of the complete bulletin.

But Cluley is less optimistic about the IT competence of individuals to spot emails that don't contain digital signatures. "It's an unfortunate case that most people are suffering from a bug in their brain rather than a bug in their PC -- they need to be more suspicious about email and not trust everything that they receive," he said.

Phony security alerts represent the latest social engineering trick for hackers, but virus experts predict that the pornographic trap as exploited in the Anna Kournikova virus earlier this year is still the most popular. "There's an unlimited demand for porn and Russian tennis players, and there will be for some time," said Cluley. "But the two viruses that have recently posed as Microsoft bulletins could give others the same idea

Talkback 2 comments

    What about Microsoft's Auto Up ...Keith Styles -- 19/07/01

    What about Microsoft's Auto Update routine? Is it safe to allow this routine to run? Even with supervision, how do we tell if it's legit??

    When you consider the severely ...Neville Angove -- 21/07/01

    When you consider the severely limited knowledge of many "computer professionals", it is a little cruel to criticise users for having brain bugs for accepting what appear to be valid vendor bulletins.
    As regards spurious bulletins, in the past few days I have received two different forwarded messages that seem aimed at swamping Hotmail and ICQ. Nice way to cause havoc on an already overcrowded Net.
