Security Update for OS Microsoft Windows
October 10, 2008
MX Lab intercepted emails with the subject “Security Update for OS Microsoft Windows”. The rather long message instructs the recipient to run the attached file, named KB934178.exe in this case, which is a keylogger that can capture all user keystrokes. It is detected by Sophos as Mal/EncPk-CZ and by F-Secure as Trojan-Spy.Win32.Goldun.bce. The message even includes a PGP signature to make it look more realistic.
The author has done some basic homework. Steve Lipner is indeed working for Microsoft as Senior Director of Security Engineering Strategy in Trustworthy Computing (found it on the net – what a title by the way) and has published the book The Security Development Lifecycle. You can also read some blog articles from Steve Lipner, and other authors, at http://blogs.msdn.com/sdl/default.aspx.
Dear Microsoft Customer,
Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.
Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.
Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.
As your computer is set to receive notifications when new updates are available, you have received this notice.
In order to start the update, please follow the step-by-step instruction:
1. Run the file, that you have received along with this message.
2. Carefully follow all the instructions you see on the screen.
If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.
We apologize for any inconvenience this back order may be causing you.
Thank you,
Steve Lipner
Director of Security Assurance
Microsoft Corp.
—–BEGIN PGP SIGNATURE—–
Version: PGP 7.1
—–END PGP SIGNATURE—–
VirusTotal permalink and MD5: 1ffcb1ea024c228ade6d8dad681c6ed7.
As a general rule, patches and security updates for Windows are only distributed through Windows Update on your computer. Any other distribution channel, such as email, is not recommended at all.
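An added example (not MX Lab's code) of how a mail gateway could triage messages like this one: it flags attachments that begin with the Windows executable "MZ" magic, names shaped like the KB…exe attachments reported on this page, and a PGP signature block that does not follow the RFC 4880 armor layout. The regex, the function names and the sample message are assumptions constructed for illustration.

```python
import base64, binascii, re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: name pattern generalised from the attachment names reported on this page.
KB_EXE = re.compile(r"^KB\d+\.exe$", re.IGNORECASE)
ARMOR = re.compile(r"-----BEGIN PGP SIGNATURE-----(.*?)\n-----END PGP SIGNATURE-----", re.S)

def armor_wellformed(text):
    """Structural check only (RFC 4880 armor); it does not verify the signature."""
    m = ARMOR.search(text.replace("\r\n", "\n"))
    if not m:
        return False
    headers, sep, body = m.group(1).partition("\n\n")   # a blank line must end the armor headers
    if not sep:
        return False
    lines = [l for l in body.split("\n") if l and not l.startswith("=")]  # drop the CRC line
    try:
        raw = base64.b64decode("".join(lines), validate=True)
    except binascii.Error:
        return False
    return bool(raw) and bool(raw[0] & 0x80)            # every OpenPGP packet tag sets bit 7

def triage(raw_bytes):
    """Return the list of reasons a message should be quarantined."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if data[:2] == b"MZ":                            # DOS/PE header: Windows executable
            reasons.append("executable attachment: " + name)
            if KB_EXE.match(name):
                reasons.append("attachment name imitates a KB update")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if "BEGIN PGP SIGNATURE" in text and not armor_wellformed(text):
        reasons.append("malformed PGP signature block")
    return reasons

def constructed_sample():
    """Constructed test message; the attachment is two harmless bytes, not malware."""
    m = EmailMessage()
    m["Subject"] = "Security Update for OS Microsoft Windows"
    m.set_content("Dear Microsoft Customer,\n...\n-----BEGIN PGP SIGNATURE-----\n"
                  "Version: PGP 7.1\nAAAA0000BBBB1111CCCC2222\n-----END PGP SIGNATURE-----\n")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="KB000000.exe")
    return m.as_bytes()
```

A block that passes the structural check still has to be verified against a trusted public key before it says anything about the sender.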

We have received one that is KB896458.exe
Dear Microsoft Customer,
Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.
Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.
Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.
As your computer is set to receive notifications when new updates are available, you have received this notice.
In order to start the update, please follow the step-by-step instruction:
1. Run the file, that you have received along with this message.
2. Carefully follow all the instructions you see on the screen.
If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.
We apologize for any inconvenience this back order may be causing you.
Thank you,
Steve Lipner
Director of Security Assurance
Microsoft Corp.
—–BEGIN PGP SIGNATURE—–
Version: PGP 7.1
7J2ZSRRRU92N09QPYTQHR1K5O2P0HKR46Q46P8AQTHLFQ0TQ91JQKCWH2PWZC7X10OF0IJV2BXF6439RBS9RDKFF159S5083TL0TKDGYDFYK3T5CN79PJ079P14JXO8MP1LBX7I4JJLA89S12QOE0UNDDB8AG7V238Z787G73UTJ541X6CI2MJLAK7IQPR5B2AOF586RL210HZNRGGYRR8ZECYGG6R785MK7TULCV854K3Q2QJ0GBWQOEGG5NAKBOMFV7HA3H159032PD4J3I59670US5MJCD6GHB0H==
As long as people continue to open emails and run programs, hackers will continue to send this stuff.
The numerical part of attachment file name is apparently random – I’ve seen maybe 20 copies, all different numbers.