.jpg)
This past weekend TrendMicro’s TrendLabs identified a phishing e-mail message (see below) which asked the recipient to update Microsoft Outlook and Outlook Express. Here’s how the e-mail message starts out:
“Microsoft has released an update for Microsoft Outlook/Outlook Express. This update is critical and provides you with the latest version of the Microsoft Outlook/Outlook Express and offers the highest levels of stability and security.”
.jpg)
It’s a fake
On a scale of one to 10 the authenticity of this scam e-mail is a nine. It’s very realistic, even the Contact Us, Privacy Statement, and Terms of Use active links direct you to the appropriate Microsoft Web pages.
The active link to worry about is the one directing you to where the critical update can be downloaded. It’s totally bogus. The words in the URL address appear to be correct, but the underlying source code is configured to download a file that contains the trojan malware called TROJ_ZBOT.BTS.
.JPG)
An especially nasty scam
This particular trojan contains an index of financial Web portals. Visiting one of the listed Web portals using an infected computer will activate a key logger in the trojan software. The trojan then records sensitive information such as usernames, passwords, and account information in some kind of a file. This file will then be sent back to the command and control server. I think we all know what happens next.
Final thoughts
Scam e-mail messages are improving in the way the message or Web site appear as well as being able to elicit some kind of a trigger response from us. I wrote an article about this and how to safely deal with e-mail attachments and links.
There’s no clear cut solution other than to not click on any active link. That’s not always possible though. In which case, please use caution and try the tips I suggested in my linked article.
I’d like to thank TrendMicro for the heads up and allowing me to use their slides. As a FYI, TrendMicro publishes daily updates concerning current malware activities that are available through RSS feed or e-mail newsletter.
For information about other Microsoft issues, please refer to Microsoft: One-stop for security tips.
Comments
If anyone has encountered this e-mail and clicked on the link, there are several options available to you. Most quality AV products will clear the trojan. But to be safe I'd recommend running the malware scanner MBAM by Malwarebytes.org. It's a great program and will easily remove this specific trojan, along with any other malware that may be residing on your computer:
You said "There’s no clear cut solution other than to not click on any active link. That’s not always possible though. In which case, please use caution and try the tips I suggested in my linked article." I saw no link, and would like to see that. Can you guide me to it? Thank you. Ann Gardner
Please tell me where to find the "tips I suggested in my l i n k e d article." I saw no l i n k to that article. Thank you.
Ann Gardner
Hello, Ann
Sorry for the confusion. I was referring to the article link I had in the paragraph just before the one you are talking about:
"Scam e-mail messages are improving in the way the message or Web site appear as well as being able to elicit some kind of a trigger response from us. I wrote an article about this and how to safely deal with e-mail attachments and links."
Where article is the link.
I hope that helps if not please let me know.
Got something to say?
Examiner.com is looking for writers, photographers, and videographers to join the fastest growing group of local insiders. If you are interested in growing your online rep apply to be an Examiner today!