Beware of Fake Microsoft Security Update Email
Barracuda Networks, a security company, said that it has spotted a malicious “backdoor” virus. The virus, categorized by Barracuda Central as “Trojan.Backdoor.Haxdoor,” is delivered as an attachment to an email allegedly from the Microsoft Security Assurance team. It uses several innovative social engineering techniques, such as Microsoft KnowledgeBase naming conventions for the file attachment and a PGP signature block at the bottom of the email message. The email informs the recipient that “Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millennium, Microsoft Windows XP, Microsoft Windows Vista.” Further, the fake email “strongly” recommends that the recipient install an “update” to “protect your computer against security threats and performance problems.” Barracuda Central determined that, once installed, the malware "phones home" and leaves an outbound TCP connection open, presumably to await further instructions.
The mail looks like this:
Dear Microsoft Customer,
Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.
Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.
Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.
As your computer is set to receive notifications when new updates are available, you have received this notice.
In order to start the update, please follow the step-by-step instruction:
Run the file, that you have received along with this message. Carefully follow all the instructions you see on the screen. If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.
We apologize for any inconvenience this back order may be causing you.
Thank you,
Steve Lipner
Director of Security Assurance
Microsoft Corp.
Stephen Pao, vice president of product management for Barracuda Networks, said:
The leverage of the Microsoft name, the inclusion of an apparent PGP signature block - frequently used by security professionals - and the routine nature in which users are accustomed to applying software updates make for a dangerous and potentially effective combination of social engineering techniques in this particular attack. Unsuspecting users without the proper virus protections in place could mistakenly install the malware. Based on the volume of real-time blocks reported by the Barracuda Real-Time Protection system in the outbreak’s early stages, we know the attack hit a significant global footprint.
Source : Barracuda Networks Detects and Blocks "Backdoor" Virus Sent via Fake Microsoft Security Update Email
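As an added illustration (not code from Barracuda Networks or the original post), the traits described above can be checked mechanically on a mail gateway or in triage: a Microsoft display name on a non-Microsoft address, an executable attachment with a KB-style file name, and a PGP signature block with nothing to verify it against. The function name, indicator labels, KB pattern and sample message are assumptions constructed for this example.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
KB_NAME = re.compile(r"^kb\d{5,7}\b", re.I)   # assumed shape of a KB-style name
SIG_BLOCK = "-----BEGIN PGP SIGNATURE-----"
SIGNED_HDR = "-----BEGIN PGP SIGNED MESSAGE-----"

def lure_indicators(raw):
    """Return the lure traits from the article found in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    hits = []
    # Sender claims Microsoft in the display name but the address is elsewhere.
    from_ms = domain == "microsoft.com" or domain.endswith(".microsoft.com")
    if "microsoft" in display.lower() and not from_ms:
        hits.append("display-name-mismatch")
    # Executable attachment, optionally dressed up with a KB-style file name.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXEC_EXT):
            hits.append("executable-attachment")
            if KB_NAME.match(name):
                hits.append("kb-style-filename")
    # A signature block with no clearsign header and no multipart/signed
    # wrapper has no defined signed text, so a mail client cannot check it.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    framed = SIGNED_HDR in text or msg.get_content_type() == "multipart/signed"
    if SIG_BLOCK in text and not framed:
        hits.append("pgp-block-without-signed-framing")
    return hits

def constructed_sample():
    """Constructed message modelled on the article; all values are placeholders."""
    m = EmailMessage()
    m["From"] = '"Microsoft High-priority update" <updates@mail.example>'
    m["Subject"] = "Security Update for OS Microsoft Windows"
    m.set_content("Dear Microsoft Customer,\n(body omitted)\n\n"
                  f"{SIG_BLOCK}\n(placeholder)\n-----END PGP SIGNATURE-----\n")
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename="KB000000.exe")
    return m.as_string()

if __name__ == "__main__":
    print(lure_indicators(constructed_sample()))
```

A hit on the PGP check only means the block is decorative; a properly framed signature still has to be verified against the sender's published key before it says anything about authenticity.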









October 11th, 2008 at 10:20 pm
These days such mails have become so common that I have been fed up with alerting all my friends about them… I even get mails stating that they arrive from Microsoft, Yahoo, Great Britain bank and so on… stating that I have won a large amount in lottery and I can collect them by mailing them my personal information.
Also there are other types of mails which are very simple with body like The attachment contains your bill, please make the payment soon and many more… Just ignore them. If their torture gets more, I block those mail ids…
October 13th, 2008 at 9:19 am
When I tried installing it my antivirus found two threats. I immediately deleted the file.
October 14th, 2008 at 2:24 am
Just seen this email virus myself - I just wanted to add that the email address for Microsoft is “Microsoft High-priority update”
Thanks for the warning - this has helped my father avoid installing this program.
All the very best,
Pau