Sophos has detected a new AutoRun worm spreading under the guise of being an update for Microsoft Windows.
It is an old ploy, but apparently one effective enough for attackers to keep trying. The malware comes in an e-mail with the subject line “Update Your Windows” as well as a supposed note from Microsoft exec Steve Lipner. The note is quite lengthy, and might even be persuasive were it not for the fact that Microsoft doesn’t send security updates through e-mail. Then, of course, there is the issue of spelling.
“With so much effort being taken by the cyber-criminals to hoodwink unsuspecting computer users, though, you would have thought they would have not made an elementary mistake in their forged e-mail header,” blogged Graham Cluley, senior technology consultant at Sophos. “The messages we’ve seen claim to come from firstname.lastname@example.org. That’s right. ‘microsft.’ “
It is not clear how many downloaded the bogus update, but Cluley told eWEEK it was spammed out en-masse. So if you see an e-mail about a Windows update, throw it in your ‘Deleted Items’ folder. And a note to spammers: Try using the spell-check feature.