Zeus Poses as Fake Microsoft Security Update
Yesterday was Patch Tuesday, and in addition to the real thing, cybercriminals had their own "security" offering available. Messages are circulating that claim to be a security update from Microsoft.
Although we began seeing these email messages back on May 6th, they have been hitting our filters with regularity ever since. The messages are spoofed to appear to come from Microsoft and have the subject “URGENT: Critical Security Update”. The messages profess to contain a “Security Update for Microsoft Windows OS”. Ironically, the email states that the update will prevent malicious users from gaining access to your computer files, when in reality it will do just the opposite. The attachment is in fact another variant of the Zeus Trojan.
This social engineering ploy has been used in the past but will almost assuredly fool some portion of the message recipients. Remember, it is never a good idea to open attachments in a message from an unknown sender, but what about in this case, when the sender appears to be a trusted source? Consider the fact that sending an unsolicited attachment in an email is just not how companies go about disseminating updates. If you get a message like this and think that it may be real, go directly to the company’s website to look for the update. As usual, all of our customers are safe from this threat.
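The traits described above (a sender presenting itself as Microsoft, the campaign subject and lure text, and an "update" shipped as an attachment) can be checked mechanically at the mail gateway. The following is an added example, not code from the original post or from any filtering product; the function names, addresses, and attachment filename are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators quoted in the post; compared case-insensitively.
SUBJECT = "urgent: critical security update"
LURE = "security update for microsoft windows os"

def triage(raw: bytes) -> list:
    """Return the reasons a raw message matches the fake-update pattern."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    name, addr = parseaddr(str(msg.get("From", "")))
    claims_ms = "microsoft" in name.lower() or "microsoft" in addr.lower()
    if claims_ms:
        reasons.append("sender presents itself as Microsoft")
    if SUBJECT in str(msg.get("Subject", "")).lower():
        reasons.append("subject matches the campaign")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None and LURE in body.get_content().lower():
        reasons.append("body uses the campaign lure text")
    # Vendors do not mail updates as attachments, so any attachment on a
    # message claiming to be from the vendor is itself a signal.
    files = [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()]
    if claims_ms and files:
        reasons.append("vendor 'update' sent as attachment: " + ", ".join(files))
    return reasons

def build_sample(sender: str, subject: str, body: str, filename: str) -> bytes:
    """Construct a test message with one inert attachment (sample data only)."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@corp.example"
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"inert placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    lure = build_sample("Microsoft Support <updates@mail.example>",
                        "URGENT: Critical Security Update",
                        "Install the attached Security Update for Microsoft Windows OS.",
                        "update.zip")
    for reason in triage(lure):
        print("FLAG:", reason)
```

A message that trips several of these checks at once is a candidate for quarantine; any single check on its own, such as the word "Microsoft" in a sender name, is too weak to act on.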
Here is a look at the message: