Fake Microsoft Patch E-Mail Lets Hackers Build Botnet
Even though Microsoft doesn't e-mail users with patch notices, a hacker is duping users with a phony spammed security update.
Be careful what Microsoft patch you download.
The Internet Storm Center is warning that hackers are spamming e-mail messages that purport to be a Microsoft security update. The phony e-mail doesn't carry any fixes. Instead, it contains malicious code that infects unwary users who open the message and click on any links or attachments.
"Microsoft would never e-mail patches, so I don't know why people still fall for this but they do," said Johannes Ullrich, chief technology officer for the Internet Storm Center, in an interview. "It seems like everybody got a copy of the e-mail. It was spammed out to a very large list. How many people clicked on it, I really don't know."
The malicious code in the so-called patch is a backdoor Trojan that opens the infected system so it can be remotely manipulated by the hacker. It basically turns the machine into a bot, which can be added to a growing botnet.
An advisory on the Internet Storm Center Web site noted that the hacker is particularly savvy, often including the victim's name or company name in the body of the message. So far, researchers have spotted four different URLs.
The body of one message reads:
"You are receiving this message because you are using Genuine Microsoft Software and your e-mail address has been subscribed to the Microsoft Windows Update mailing list. A new 0-day vulnerability has appeared in the wild and was reported for the first time Monday, June 18th. The vulnerability affects machines running MICROSOFT OUTLOOK and allows an attacker to take full control of the vulnerable computer if the exploitation process is succesfull."
Then a link is provided to the phony patch.
Microsoft provides users information on its security Web sites to help them recognize and avoid fraudulent e-mails.