RealTime IT News

Fake Microsoft E-Mail Carries Real Malware

Security experts are warning of deceptive e-mails that claim that Microsoft (NASDAQ: MSFT) Outlook needs an update.

"The e-mail claims that you have a new message in Microsoft Outlook, but you need to reconfigure your settings (by clicking on the helpful link) in order to read it. Of course, the e-mail is bogus and you're actually in danger of handing over details of your email settings to internet hackers," Graham Cluley, Sophos security expert, wrote in his blog.

"There has been a dramatic increase in virus activity during the past few weeks. One of the more recent e-mail campaigns claimed to be from Microsoft Outlook," Fred Touchette, AppRiver senior security analyst, wrote in an e-mail to InternetNews.com.

The volume of spam used by the malware campaign is impressive. Touchette warned that AppRiver had blocked over one million spam messages from this campaign alone during its first 12 hours. AppRiver has slightly more than 35,000 customers worldwide.

The latest attack appears to be an example of a new, more sophisticated threat that malware authors are only now able to execute. Security experts have been warning for some time that malware authors have better tools with which to compete in the spam arms race.

Touchette noted that attacks are becoming more complex. "We've always known that the same malware authors may try several different vectors to achieve their ultimate goal of looting the bank accounts of their victims, but it certainly is a rarity to see them use the exact same vehicle to deliver very different approaches. These also come at a time when zero-day virus totals have ramped back up similar in volume to the days before McColo fell," Touchette wrote in his blog.

Touchette added in his e-mail that the same domain has sent out both phishing and malware attacks. Phishing e-mails were limited to one subject line, "Microsoft Outlook Notification," he said, while virus-laden e-mails have multiple subject lines, including "Outlook Express Setup Notification," "TheBat Setup Notification" and "Microsoft Setup Notification."

Sophos' Cluley wrote that the phishing attacks targeted customers of the Commonwealth Bank of Australia, asking users to click on a bad link to participate in a survey for a $50 reward.

"Although as a security geek ... you wouldn't fall for this kind of thing. But I wonder how many other regular computer users might be so keen to read their message, or make some money in a survey, that they would click on the link before they engaged their common sense," he added.