Tuesday, April 08, 2008 12:16 PM
cmosby
Before Patch Tuesday, There Were Malware | TrendLabs | Malware Blog - by Trend Micro
The email, which claims to be sent by Microsoft itself, informs users of a zero-day vulnerability in all versions of Microsoft Outlook and Microsoft Exchange Servers and asks users to download a patch to fix the bug. Installation of the patch is said to prevent systems from being compromised or exploited by malicious users.
Installing the said “patch” would, of course, mean system infection.
What’s interesting is that users could be infected in two different ways. There’s the attachment in the email, a malicious file that Trend Micro detects as TROJ_AGENT.AZZZ, a memory-resident Trojan.
Besides the malicious attachment, the spammed email message also contains a legitimate-looking link that, once clicked, redirects users to http://www.{BLOCKED}ook.de/sldb_daten/log/new.php. This Trojan downloads another Trojan from this Web site; the downloaded Trojan is detected as TROJ_AGENT.AZAZ.
Trend Micro users are already protected from these two Trojans. Still, everyone is advised to avoid trusting email messages, especially if they are unsolicited.
Source: Before Patch Tuesday, There Were Malware | TrendLabs | Malware Blog - by Trend Micro
Filed under: Patch Management, Internet Hacks, Spam\Phishing, Cybercrime, Software Vulnerabilities