Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Fake Microsoft Patch Triggers Virus Attack



 By: Ryan Naraine
2005-05-19
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
The bogus e-mail contains an attachment that purports to be a cumulative Windows patch for May 2005. It's actually an executable file for a well-known virus.

Like day follows night, a bogus "cumulative update" with a malicious attachment has followed Microsofts patch day.

In what has become a monthly staple, virus writers are taking advantage of the heightened public interest around Microsofts patching cycle to trick users into executing a malicious attachment.

The latest social engineering trick arrives via e-mail with an attachment that purports to be a "cumulative patch" for May 2005.

The claim is that the executable file contains patches for vulnerabilities in Internet Explorer, Microsoft Outlook and Outlook Express, three widely used products with a history of serious security bugs.

The file is actually an executable for a variant of W32.Pinfi, a memory-resident polymorphic virus capable of replicated via mapped drives and network shares.

Resource Library:

The Pinfi virus, also known as Pate or Parite, has been programmed to infect every PE and SCR file on every drive and network share.

It targets users of Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me.

Click here to read more about a Trojan that masqueraded as a critical Microsoft security patch.

"This is a common scam," a Microsoft representative said Thursday. "Its important to remind customers that Microsoft will never attach software updates to security e-mail notifications."

She pointed out that most Microsoft software updates are provided through Microsoft Windows Update, Microsoft Office Update, or the Microsoft Download Center, adding that, as a best practice, "users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources."

Because the scam has become a monthly occurrence, Microsoft has provided guidance for customers to help identify genuine security messages.

The document, titled How to Tell If a Microsoft Security-Related Message Is Genuine, includes the following advice:

  • Microsoft never sends notices about security updates or incidents until after information about them are published on the Microsoft.com domain.

    If users are in doubt about the authenticity of security e-mail notification, they are urged to Security site on Microsoft.com to see if the information is listed there.

    • Read more here about a worm that barraged inboxes with German spam.

  • If a customer suspects that an e-mail message is not legitimate, they should not click any hyperlinks within it. Those links may be spoofed so that they appear to be sending you to a trusted Web site when they are actually sending you to a malicious Web site. Always cut and paste the text of the link from the e-mail to the address bar on your browser; or better yet, type in the address of the site yourself.

  • Microsoft and most commercial Web sites use certificates as part of a system for securing online transactions. Typing "https://" as opposed to the standard "http://" into the Web site address activates the certificate. Once you are on the secure site, Internet Explorer allows you to check the certificate. Double-click the lock icon on the status bar at the bottom of your browser. This displays the security certificate for the site.

  • If you have not signed up for any security communications from Microsoft and you receive an unexpected message about a security update, you should treat the message with great caution. When in doubt, delete the message and immediately check the Microsoft.com home page for the same information.

    • Anti-virus vendor Sophos Inc. has provided step-by-step disinfection instructions for PE executables.

    Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



      Reader Comments: Fake Microsoft Patch Triggers Virus Attack
    >>> Be the FIRST to comment on this article!
     

     
     
    >>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
     


    x}ks8q8cH)ْcmlk)fV(8H.I?q /=hɏL8["h4Iȹ=!1(ٟ9#ޙ'w>{(ɑԫQ]}nw2'v=7v@\}@^cFwD%x_'Щ=ѩ€wɔiPلި/3}B}F7\3Ѣmgb^P$ȁ_ ¢%yHCGu)pC(DsXqDǎH;*C'x8ӽi/DeO‡^b&{By<5;^7;0kBa5w0vK]K_nCUVekV6^;s9ȹ3z$nPr&N7w#205ARZ"[XdTZ ӡc)u8r `p)jXtGL: nK>1P:x =3~bA2xfdQӸTBp`VRBmO,Ӈ;)X ۱ȭC ¿{׳߂C}t;mgE-"'l,Rۆ@ظ?0}$OL"S9ˡ,Fp0,sti #M-jZUQ bkG{}޴ ޷L{`T3{;o>;Wʪ)Jw9ʑCKo -%u`(.:'^O.ac'H Hw& LT)Jj\(͒LCa:b= uz P%pKX+hvd(-bv=ӧ0Cƌ_8RCf9-Ҿ췯;6OΎ;Sd̲5<JEӀ Zvf#?ޙ#W7ke{#kj{ _GlH  Wh6 N[_lxmķx0|kh2`=r8LwjT{dZݓ6է I|S8VEqֿ8'=M%%wܿ/Rx3oF5 tA%4ȌSHu t9~}M'Zf-Mn #dh|]w p3Z&9T23=MH:Ƃ5ņ])!edFSۤ%/^(P%!P샖_.[ jFTwIQQ#w=^f/\R@1Al8{ØWҽT7wsY 9tipq^oVV͉:]XYujZnE?´;{8m7-һ^5?aUb}PhvZM]qsuTSt*Zl:}5գ"TG-dj`qaeJݠc}nywσ`DgEG|F s>uN< EC#ɠ:ڴb{\gf&h`C:}ҍ:L w|hx: C 00gw9&ztH۠h&r<kIOlLJ.??6 ; G`p&;xk=`DkwCPb1LTE}vACAX' #}S(r`nZдc@k断,0!.(2n( ,9قrij><:NX鹞~o6*'l|0ː ;u- CO5,v&Vfj:Y[~2.|O V,'0{ gб3a|ea;m eSKq6Om V!҇D+ه0`M EDN6R^-!z0iTҗKJAUc/`k@Lf2,rƎe9لAٌ 4]}Zj\<897Ro> < ıLBYaT88l]x}uVN0\?@R)Ö13ghim&ǙXT'/ł\PZr>r+b"[8:T:$f߂ä:,Cd=tǜ}h3ʫ2 yEZ JL qjheU-UjR _{}|s??=edԌ8pc}yw~~6Fi ^8AL}6݁ /r/,|rqZEL[vO`cQ av5 1;?UkJ?C2By^Yhw\rR" Qptoգ)u7ufv9A#]#@$72]r@ XQj0qs;OM?bL%Jt( ֹB\U4Ue`wk* :@!G:0ݛ,()yന^u/iYOS)&V$tu| `_ nM==WK$*X# 4k 0Y[ ⺪TjՂʾ_YN+^> (Lu0Ȑ%=GlThmO.1Um$R*lC01^*== 7S_ -ʖ~g˦ɪՆgQyϤ͋p3|5] |b9s#ONq釛Lk s0sIl7xv@̬}#w6霎0 M`}G ϓ1W5% `,fqNgGA:+lmBs0X3f~Wk*t?y{Wz&[wܕ[0A^c􁯍C-oc d.ōfπïǖ mԚVNM&Vi Z;zGd!9 =!OR-4SK8n7=R.R 2=ct89e}̭7O7OUU^S;:9&_P@ZhO \ 8spIE>2I*"EeB8NY HXL*r_ kRUG 4DB(}r'nPzQrZ%&j}$cPU]|T&#UX)TԒP?YTAteU1n?mVPVW`Zd&s\%\{si0o)Q󩋗r3["X.DД7Ϩ3Rb  kQh#e[,*u.[EO-sGQ^ٷgP K r#F1>dd˙]=+boVta؆ۧ0F@q IDW~Bh^\/~tϻ9\dcxx\O#R@!hWHv:<aShmǛ&a֏5!F襑a+"m@Kվ̂qK՜$"j ON3dn,ʣF4Sޚ( Z`!旁1ߐdPR# (ʑ=`` VwuN .f_$BAnpkz!NU He*4Д+e3ѓ:M#+y-EY-V6y;i: a!]9$gy/гOZEbݙms==vS%6lN*tb*9,_빿==RvӅce'9$st7#gLةE}4% /sg3 {:`1)ca0 ~Uު箅MM%7&aq*huͰ<#sCÙ馍(&HK.}<﷯IK 09nJs t#s5yׅO>4dwD/gyZ7N{m,d1]f/c_; ?-m-8tǠCR3K1M&$Z^VP**sᔤ˞ɔX^ OXd1 0d&q+m3{G{ {!.u01y<@7?_gpKw zK>+-R!ekE7_UKKOʲE:'%:mחB}޿ BĬhg2h덫{sL:>dO#@/-v x1tY AAXy !VorlK9w@rs&8< $[euw+[S'gSc;/HF#%g&OSϱmG @|Ր ;as*|b \<U W_M·⎭zgQ$g |o(o'򽥎xknZS*9ߘP??\=3q x{7d\ڊ}fK~~ v/kp8_q27 ~+lFY":ӨRŇ&LձW,}o+sQxZ,\hJ.00OGO}S~5by4d ~Ə9`-i&;6Fbp's7^צjV+?xȟM=ɳF>-΀b;U1,>ѱ{d7CBSJ|ِ IAъ(Cٵ*6 /;R D/1]x}ջhh/^aq@Un*a}9};-6zɄY8nN`,O)aG0wuҵ@8ObDŽy ";% : 3l`*̹j ՄH[vs8MymXi겎|Ieq( #x;أwZrs}VfAA7 w%SJ#Z,줉Oɒ+voWH ‹JCyc"5[Rc'vp<"^7A 3he4Aۘ"/S H[wYiq.$>yZzo,9x=>f̰a0BnQ/yמy F0YEF\+%T+ FK@4,N7o;͈# d|#v>xՉ6RZ+&7};A'oo9)uS .Cd%Gve,ގɺr|vlz3_ k£+FBUR EQ ?WtIC&! !l%KQ|#%J)JB<&gz!TU o3R{E찬R=x |$2*RX_:Ob;r$GǕ8QVpwDh}ky!FJhKw"K:5&h&HVz3+ ^_d!J_|MX|q*Dj4ggK͡3n/B e*D 3"<t{D[zɰ#?AնeҋIJ"O:1QO-)[PJ\01}X+1x4ۣ[L2 <4k*+K6,8zΌJWcǓ:mRVVfa@rFW{Y]Vmk^|"uυvUeYgu?LϦ7%M+LFX̄چ[!QLx7 K=X)2o,#/qSw'w'w'w'8U4̱Jzy_pݗ.RǠTU'kw3&/uno }|Q_jìiW8xxLjR0!fa2WEKW XDӨ|[r`8ktMx"Ą~ Km=\HW gHf@cKLt f`3dK g3νE Jl2TIdGB4v~eK)Mr6nZק].-U|m9/lGnSA4ŤT/ܓ)C{Z΂UNt[:ΪRҁwԖ0l!7FHf,nW Sy h`CboG|Uچd}qr6^,^~moJ 2wA/nsɩKs]ū虇ۓZZPMu0,6,s?J٥%>a# 7_x!ݞOƳAlɘ`? M;p q׭ <pEu_':yv{CGuM~I3333{& ZM-|۞H=njME0ٖ {*3B][[A$yC`_ymqml[Osya±3V=}v+7Ur,_qc~{#8!#xv"hN P~cktKkQ Hm苌1Rv3^jD8$ \H !ߙ {c74o!y3rUA"+/+n1|d-NX6]WR}YS^@a|&wpb5󛽵#+8e*ΰ(?&@"}LƞO.FlO "I@F3Δwü ?JU{cSIO,z6gܢ* WrEFDOۯ,BK&uU Og!gkmk~|7 .р=;gP)=ho.p 8o %'?[r=rVu]30M]-O[" )K6_|ߚ'"fޘxBmtϠ6k?0MZߘtymn$5?h۾a+@m|ն-0EQz򽧻. m~[~1{tѕooJY3VC|_~_%-gTdfph6_fؐ,l%I"q0M_K1),⌉fnm4%sQ&^I4p3D XWȓwut z^sLGo>k~r~i//m~Icʗy!\ ' qӈatWb1Y}Gj OQ5x>>fvEx#s~aNwTa1tq*o,kʁV=P,NOY+ ZdҤ  P(g*Dz'q/Y"j\D js+A#샒=%hW?!,q*Ds4?ñ:-ĻAXy- E9DNE0H^XC0;pD]bɠ#c{(h#8࿴l&vny \95͂E tCc%5U(5ub?=G/utIkb"]J1xy[Ò+5fL8P;qU6'a CO 2s 1IwCy– \vV8?ra)?Eo9fH sL~;o>^_R܉He t03*F2*mG&^I79m[ 45`BXRA~9F=gFpb1Ř!&"=lFLN1OA:8(у(^|v[/ T6CĊ1gG)&& rN~/|W c)U(bWU T-G,(ωB5OuSJTmn$|s ޲7HیS,0AuA"\2,GGA~2u:R5%~6t0^Q1e&}J%nNK b$P!%h$bcx=9`1A2dzwȗ>0(-ŌCZQJФ*t!dW`ǪZJWv'x 6n?7F.4W )WPx s#cvFCdQ:>ϊ&To`9ͫ/{M&OǽUӽ$ ¶-r5uw[_NW_N;estPv>L5mkLJy22 ͋6Sr?XԞpm.4 "Gd;πW}QX\m3IwPJTَ/!jbTթ4 W?}z uӲr:/Пxu3K_M8FyS Sr>^#V CpXmn8~(hOu{It/۹FhRs`P1W(5ʯ74S](f#7vF l.?fCF?|O:YgsyktZпNF?ӹ(w2k|e/y &c|. /E|E}/>/2 ϋ D3(?A2/"2c|/A~.32cnF _?2 ޿x:z/??}P9g @MV9M@7d_ryʛrּ…)qFy)8RErXB]fנ&c˼$=)>w槤Ix]"&JRo-cENj9.~QJxdR$d3-FDka2 % /ܻ Gz‰nQ2LxĻO%ݞ܃~n7}Fn_x` ~iMnڧ\Fpyk;ُϋGkwյƚ ~3b 9)?'OxVf|4;([ԙqeޢD)Fyk@+{揂>Rq6ɧN {xuCחUC=z}EPW,MdBgpX`$"7<R9Kq`F}bvє=oIF.h Dǽ xeb IP*5VZ*я{_5\q@DpysUUEVro9 VVjb`" *s>P`26UJ`z!O J1=4cdKb4p%EУoﶍH˘Y͛YJ#^"ev3&c(2ǂ)"RaKa@^*q00j>d%QH78s`1>&\͠mCao/c+FS÷FTMqgqB4;Po.@cmd߻C"NMx uqG$})r1>taas溼:tT1 .c "n+Mft[1)GL փMML&S$C y3 32sçOn3A ~Xm ohhd9ik+cP<PN@U}C 1,{ԟ1P E])^xzA߭Ud#ə B| ,+-Ŋ]* i;j9.KPRJVu.Q ?nfoUR۞,`'/^;gH2G$!᳼c*=S2m-)e'.r}7{,ݤd/+ 4bŽ%OvQ>7. %##R.ܓOFۑ)0XPy4w<pI>0)n9w3[T:9A&{#U|ٱs1cbV!qdF-["@# e`1|4aehDS0T6y6s*>% / imޢƄJu #A]=_v{[=/'`L/#]Z&c`H؂{XiWe1JpC)tOu˰ANt3BK׀5V`=2I]ۛqSg.*ZF#,Wd-ԭ<P0@~c.vz]nFQMF.D]hT[)**S6 /ߵS3pݼg®"vyXAtX3' ȱ ya1 g{y{~kC'>f kwx:YʐL\ȏ,,d[녗Z']YQhXj=E"ҁ )Q~)'f$fE [Rj`In~ӧ f<˜4W6IĶqyʱтˉ.X)>ZYBd'KW̱0^5FElT$©B=3By4O>A@`V\3zf7tZ.6]Ohc{pff#3 {τ ixv4<5TF_E@KI7dUĔ& \RKnrmmk )60MÄr";poq=ykיJ p{g8gQ0^^ZpTT/>%hw2b59Ӟ_yrϸȅ^`\YJ^y{n`!˾tڼ9!xmXYx(~'g(FRqO\||8)>wc3-/=n|ptْŠ҂%!t[4!ջjZɊx_޿`(XEh⍿c014ߛiUUq$摝7yE1um*{g;a+b(1lS24K_jjbJlxTɉY+z[q;_h†[hh b7;i1ԲHZ+