Email based update for Microsoft Outlook – Outlook Express contains trojan
February 3, 2010 Leave a Comment
MX Lab started to intercept messages with the subject “Update for Microsoft Outlook / Outlook Express (KB910721)”. These messages appear to come from the Microsoft Support department and contains instructions to install a new update for Microsoft Outlook / Outlook Express:
Brief Description
Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical and provides you with the latest version of the Microsoft Outlook / Outlook Express and offers the highest levels of stability and security.Instructions
* Install Update for Microsoft Outlook / Outlook Express (KB910721). To do this, follow these steps:
1. Run attached file officexp-KB910721-FullFile-ENU.exe
2. Restart Microsoft Outlook / Outlook ExpressSystem Requirements
* Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP; Windows Vista
* This update applies to the following product: Microsoft Outlook / Outlook Express
The email has the 12kB big ZIP archive named officexp-KB910721-FullFile-ENU.zip. The extracted file is the 24 kB big file officexp-KB910721-FullFile-ENU.exe.
This piece of malware is known as W32/SuspPack.BI.gen!Eldorado (F-Prot), W32/FakeAV.AM!genr (Norman) or Mal/FakeVirPk-A (Sophos).
It is generaly advised not to install software, updates or patches for Microsoft software or the operating system that is distributed by email. Microsoft will only offer updates and patches through the official Windows Update channel on the Windows system itself.
Virus Total permlink and MD5: 925ca736b931a745b064896927cf20bc
