Fake Microsoft Advisory Targeting French Users

Look in this specific forum for newly found security threats which may not yet be covered by your usual security software

Moderators: Admin Team, Moderators

User avatar
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ

Fake Microsoft Advisory Targeting French Users

Postby TeMerc » Mon Dec 08, 2008 10:50 am


Threat Type: Malicious Web Site / Malicious Code

Websense® Security Labs™ ThreatSeeker™ Network has discovered a ploy by scammers to trick users into executing a supposed fix for a Microsoft Security Advisory.

The fraudulent email message references a real Microsoft Security Advisory 951306 (also known as CVE-2008-1436). The email provides instructions in both French and English.

When the email's malicious attachment (MSC003-WIN.scr) is run, it connects via IRC to a BOT Controller, [removed]dns.be. This connection is not through the default port, but through port 81. The application binds to startup, ensuring it will be run automatically when the computer is restarted (as instructed in the email). The SHA1 of MSC003-WIN.scr is 2056c9fa1b97fca775cc7a01768fb39818963a94. Major antivirus vendors are not detecting the malicious attachment
0-= Continued @ Websense


Who is online

Users browsing this forum: No registered users and 2 guests