We’ve just received a strange email (supposedly coming from
Microsoft) claiming that a new worm is spreading around and further
instructing the user to install the “patch” that came attached with
the email.
Sounds suspicious?
Of course it is… Clearly this is another social engineering
attempt by a malware. This isn’t the first time it happened though.
Some few years back, another malware by the name of WORM_KLEZ also
did the same thing, disguising itself as a “removal tool” for the
worm while the email to which it was attached almost had the same
message as this one. The only difference is that this email message
came with the familiar white-lettering-on-blue-background logo of
Microsoft, obviously a means to provide credibility to the
message.
Just some points on why the email can’t be genuine:
ONE: It references an old malware that is spreading
(Beagle.Worm.D)
TWO: It “pleads” not to take this advisory as a joke (which is
quite unprofessional for a company such as Microsoft)
THREE: It threatens the user in such a way that (s)he will be
liable for a lawsuit if the patch is not installed.
Whatever the technique used, the objective is still the same:
trick the user into opening/executing the attachment.
Again (I think we’ve mentioned it before somewhere, as well as
being mentioned in LOTS of other sites), Microsoft does not send
updates via email.
**By the way, the attachment does not properly execute(yep,
damaged) and based on an initial analysis, it is *supposed* to drop
various other files, but fails to do so. Which is a good
thing.**