MalwareTeks Blog

Reported on SANS Internet Storm Center

If you receive an email with a subject of Microsoft Security Bulletin MS07-0065 - Critical Update, that appears to be from “Microsoft Corp.” update@microsoft.com. Ignore it, it’s a fake.

The body of the message will start like this:

You are receiving this message because you are using Genuine Microsoft Software and your e-mail address has been subscribed to the Microsoft Windows Update mailing list.

A new 0-day vulnerability has appeared in the wild and was reported for the first time Monday, June 18th. The vulnerability affects machines running MICROSOFT OUTLOOK and allows an attacker to take full control of the vulnerable computer if the exploitation process is succesfull.

Since then, more than 100,000 machines have been reported as exploited and used to promote spammy pharmacy products such as viagra and cialis.

An update has been released to fix this issue and can be downloaded from the following link :

You will be asked to download a patch:
Filename:MSOUTRC2007Update-KB863892.exe
File length: 20480 bytes
MD5 hash: c7a8bde380043b5d8d7229e82db1c2fc

This appears to be a Downloader and installs Smitfraud.c.

Microsoft does not send email notifications to users about Windows Updates. If you receive emails of the nature, delete them immediately. Do not click on any links provided in the email.

If you have fallen victim to this scam it is advised that you complete the steps in our Malware Cleaning Guide.

Start a new thread in the Malware Removal Forum of this site.

Attach the following logs:

1. ISeeYouXp log
2. HijackThis log
3. Both Online AV scan logs

(You must Register before posting anywhere on this board. Registering is 100% FREE)