This e-mail has its title as "Update your Windows" and contains malicious file.
Besides, this mail is disguised as sent by Microsoft and induces user to download its attachment.
[Fake Microsoft security update spreads Autorun worm]
http://nakedsecurity.sophos.com/2011/01/04/fake-microsoft-update-spreads-worm/
http://nakedsecurity.sophos.com/2011/01/04/fake-microsoft-update-spreads-worm/
2. Spreading path and symptoms of infection
Detail is as following.
Furthermore, this mail is disguised as Windows Update related contents and induces user to download attachment for updating. The rumor has that "Steve Lipner is a name of Microsoft's employee."
Upon downloading attachment, victim can see ZIP file and get exe file as same as ZIP file's name.
Its name is same as normal Windows update file.
Upon executed exe file, its clone will be generated on certain path and it will change registry value.
- Generated files
(Driver root)\SecurityUSB.2.8.exe (217,600 bytes)
(Driver root)\boot.inf (43 bytes)
- Modify registry value
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
Value name : "Hidden"
Value data : 0
(Driver root)\SecurityUSB.2.8.exe (217,600 bytes)
(Driver root)\boot.inf (43 bytes)
- Modify registry value
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
Value name : "Hidden"
Value data : 0
3. How to prevent
To use PC safely from security threats of these malicious attachments, we recommend following "Security management tips" for general users.
Security management tips
1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
3. Do not see and download attached file from suspicious e-mail.
4. Keep caution to link from instant messenger and SNS.
5. Execute downloaded file after scan with anti-virus SW.
1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
3. Do not see and download attached file from suspicious e-mail.
4. Keep caution to link from instant messenger and SNS.
5. Execute downloaded file after scan with anti-virus SW.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with “nProtect Anti-Virus/Spyware” for detecting such as malicious file stated above and runs responding system against various security threats.
Yes! One of my friend had fell into one such trap when one fraudster sent her an email regarding a malicious file on her laptop and requires X amount of money to fix it she paid and never got any response, ever. https://getappvalley.com/ https://tutuappx.com/ https://tweakbox.mobi/
ReplyDeleteFound Interesting and wonderfull keep sharing
ReplyDeletewebsite