Security researchers at BitDefender are warning of a new Trojan dropper that imitates a Microsoft Windows 7 compatibility tool and is spreading rapidly via an email attachment.
The email campaign includes a message urging recipients to test their systems using the Windows 7 Upgrade Advisor by opening the tool contained in an attached .zip file. Once the victim executes the file, the Trojan downloads and installs a backdoor, which an attacker can use to force the download of other malicious programs.
Catalin Cosoi, the head of BitDefender's Online Threats Lab, said the infection rate for this attack doubled in a period of three hours after it was first discovered. Infections consist of a key logger that intercepts passwords and other credentials and a program that gives the attacker the ability to access and use the machine as a bot, Cosoi said.
"Software for compatibility checking for Windows 7 is quite tempting for users," Cosoi said in an interview with SearchSecurity.com. "People are interested in switching to this operating system because it's a more secure product and they want to know if their machine is compatible because Windows 7 requires more resources."
The email campaign is in English. Attacks were first detected in the United States and quickly spread to Germany, Cosoi said. Attackers have been using malicious files in email campaigns to install key loggers that can lift bank credentials and other account information. The campaigns have been low in number to evade detection. But in the last several months, attackers seem to be using the campaigns to acquire computers as part of larger botnets, Cosoi said.
"They're moving away from stealing bank account information and into bot herding," he said.
A description of the Windows 7 campaign with screenshots is available at BitDefender's Malware City blog.
Cybercriminals have used Microsoft in previous attack campaigns. In 2008, a fake Microsoft Patch Tuesday email circulated. In that same year, researchers at CA discovered a malicious program posing as a Windows Security Center. Once installed, the program informed users of non-existent infections. The program attempted to spread Windefender 2008, a fake spyware removal tool.