Fake Patch Tuesday alert leads to Zeus infection

The term “Patch Tuesday” has become widely known and is so intimately tied to Microsoft that it is no wonder that malware peddlers are using it to add an aura of legitimacy to their spammy emails:

As the latest patches are supposed to be out tomorrow, they have initiated a low-volume spam run that holds a link to a Zeus Trojan variant masquerading as the update.

“The executable (the fake patch) is being hosted on a compromised domain and at the time of writing holds an 11% detection rate on VirusTotal,” warned Websense researchers.

The message does look pretty legitimate – the headers were made to look like it is coming from Microsoft Canada, the text in the message is written in both English and French (the country’s two official languages) and there are very few spelling errors.

What could tip off the users to the fact that this is a fake message is the subject line (“URGENT: Critical Security Update”), with which the attackers try to generate a sense of urgency with the intent of making users less careful.

As always, users are advised not to follow links or download attachments contained in unsolicited emails.