Wednesday, October 28, 2020
  • Home
  •             

No, Microsoft has not released a new patch

June 1st, 2006 by Patrick S

“An e-mail that has been spammed out to lots of recipients looking like an e-mail from Microsoft, with a link to a patch that is supposed to be a patch for a new vulnerability in the Microsoft WinLogon Service. Of course it isn’t and even though the link looks like it’s going to www.microsoft.com it will take you to http://www.redcallao.com/[undisclosed]/winlogon_patchV1.12.exe instead which is a password stealing trojan that we detect as Trojan-PSW.Win32.QQPass.ho.

Using Microsoft and the “patch for a new vulnerability” theme is nothing new. Back in 2003 the e-mail worm Swen, which at the time was classified as F-Secure Radar 1, used the same social engineering vector but in an e-mail that looked like it actually could’ve come from Microsoft. The difference was that Swen had an EXE attached to the e-mail, something malware writers have stopped doing as most e-mail gateways and e-mail clients nowadays will block executable files as a preventation against new malware.”

Source F-Secure

Posted in MS News, Security | Comments Off on No, Microsoft has not released a new patch


This entry was posted on Thursday, June 1st, 2006 at 1:28 am and is filed under MS News, Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.


Comments are closed.