Security researchers have discovered a new spam email campaign that arrives as a fake Microsoft Update email, as shown in Figure 1 below. The spam email tricks computer users into installing the Bredolab.Y Trojan and leads them to the rogue anti-spyware application called Security Tool.
Figure 1. Panda Labs Fake Microsoft Outlook update spam message
Hackers will stop at nothing to push their latest malware. The Bredolab.Y Trojan variant and the Security Tool rogue security program are just two examples of malware currently being spread through a new spam campaign that uses a fake Microsoft Outlook update message. Those affected by this campaign have reported receiving a realistic-looking email message that appears to have come from Microsoft Support, as shown in Figure 1 above, taken from Panda Labs.
On closer inspection, the fake Microsoft Update email gives itself away. First, Microsoft does not issue updates or patches via email. In addition, the spam message includes a zip file attachment, and executing the .exe file inside it may automatically install the Bredolab.Y Trojan.
Once a system is infected with the Bredolab.Y Trojan, the Trojan installs the rogue anti-spyware application Security Tool. Security Tool, by itself, has been known to cause havoc on any system it is installed on, using deceptive tactics to force the purchase of the licensed version of Security Tool.
This is not the first time a similar spam campaign has been used to spread malware, nor will it be the last. Hackers usually take advantage of recent news stories to spread malware via spam messages, as in the case of the Haiti Earthquake email scam campaign.
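The two giveaways described above (a message that claims to come from Microsoft yet carries an attachment, and a zip file that holds an .exe) can be checked mechanically during mail triage. The following Python is an added example, not code from Panda Labs or from this article; the extension list, the function names, and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed list of extensions to treat as executable; adjust to local policy.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def executables_in_zip(data: bytes) -> list[str]:
    """List executable-looking member names; nothing is extracted or run."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXTS)]
    except zipfile.BadZipFile:
        return []

def triage(raw: bytes) -> list[str]:
    """Return the reasons a raw message matches the pattern in this article."""
    msg = message_from_bytes(raw, policy=policy.default)
    attachments = list(msg.iter_attachments())
    reasons = []
    for part in attachments:
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if name.endswith(".zip") or payload[:4] == b"PK\x03\x04":
            for member in executables_in_zip(payload):
                reasons.append(f"zip attachment {name!r} contains executable {member!r}")
    # Microsoft does not issue updates or patches via email.
    if "microsoft" in str(msg.get("From", "")).lower() and attachments:
        reasons.append("claims to be Microsoft but delivers an attachment")
    return reasons

def build_sample(with_exe: bool) -> bytes:
    """Constructed sample message; the 'exe' member is harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("update.exe" if with_exe else "readme.txt", b"placeholder")
    msg = EmailMessage()
    msg["From"] = "Microsoft Support <support@example.invalid>"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Outlook update"
    msg.set_content("Please install the attached update.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="update.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for reason in triage(build_sample(with_exe=True)):
        print(reason)
```

The check reads only the zip's file listing, so it is safe to run on quarantined mail; a password-protected archive still exposes its member names to `namelist()`.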
How many email messages do you receive each day and how many of them are spam campaigns attempting to spread some type of malware? Does your antivirus or antispyware application catch these threats if you accidentally open the attachment?