[AusNOG] Trojan "MS Windows TCP/IP Patch" spam run

matthew at auscert.org.au matthew at auscert.org.au
Tue Aug 1 15:10:47 EST 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings all,

We've had a few reports of a spam run for a fake MS Windows TCP/IP Patch
(as below) that leads to a trojan site.  Anyone else seeing much of this?

Any feedback appreciated.

- -- Matthew McGlashan --
Coordination Centre Team Leader             | Hotline: +61 7 3365 4417
Australian Computer Emergency Response Team | Direct:  +61 7 3365 7924
(AusCERT)                                   | Fax:     +61 7 3365 7031
The University of Queensland                | WWW:     www.auscert.org.au
Qld 4072 Australia                          | Email: auscert at auscert.org.au

  Subject: Microsoft Windows TCP/IP Protocol Security Issue - Patch Required
  From: Microsoft Corporation <support at microsoft.com>
  Date: 31 Jul 2006 19:31:57 +0200
  To: auscert at auscert.org.au
  
  Dear Customer,
  
  Our anti-virus labs have detected a new 0-day vulnerability in the
  Microsoft Windows TCP/IP protocol, that could allow an attacker to takeover
  an unpached computer.We dont have too many details, since we have recently
  become aware of the vulnerability, but if patch is not applied as soon as
  possible, you risk your computer to be exploited.Because the vulnerability
  affects the kernel of Microsoft Windows, we cannot provide the patch using
  the Microsoft Update Service, so we have decided to notify all our
  customers that have registered their Microsoft Windows Operating System
  about this new threat.

  Because the security of our customers is very important to us, we have
  developed a patch to fix the kernel of Microsoft Windows, and to prevent
  your computer from being attacked.
  

  Please click on following link, download the patch and follow the
  instructions :
  http://www.microsoft.com/security/tcp-ip/download.php?country=AU,234,242,211
  
  1.Download the patch on your Desktop.
  2.Run the patch.
  3.Reboot your computer.
  
  Each customer has an unique link to download the patch that will expire
  in 24 hours, so you have to apply within 24 hours after you receive this
  email.
  
  If you fail to do so, you risk your computer to be attacked and exploited
  by hackers.
  
  Thank you
  Microsoft Corp.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (FreeBSD)
Comment: http://www.auscert.org.au/render.html?it=1967
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRM65yCh9+71yA2DNAQLbEgP+Kwuu5ldbrEkyYu1jmgCenjGIF7cCSDCa
ht7GQOGZL5ss9ZsZS2SfYk3Hi4v5NhtJ47KWmFumputa/H4chCAZ3bFxIzMsvO2+
IeP+7YVqQgXM3sXVd4HNAHRZlmY4SYfDrJ7RX836lmYtOionUg3NxhruJKV25rEc
p9lpFhPs5QY=
=dQxq
-----END PGP SIGNATURE-----

More information about the AusNOG mailing list