There is a fake Microsoft patch email making the rounds, timed nicely to coincide with the release of the latest set of updates from the software giant yesterday. Known as Haxdoor, the malware arrives in an email designed to look like an official communication from Microsoft, albeit with some pretty obvious spelling and grammatical errors. The clearest indicator might be that the patch is allegedly for “05 Windows.” (Maybe it was targeted at Vista’s original release date.) Once a user opens the file (KB589770.exe), which has a fake PGP signature, it drops a slew of files onto his machine. It then changes several registry keys and establishes connections to two remote websites. Nothing good is coming from that.
This malware is another step down the path blazed by all of the fake antivirus programs that have been polluting inboxes for the last few months. I would hope that at this point, most enterprises are blocking executables at the gateway, which would prevent a lot of the headaches these things can cause. But if not, there’s no time like the present to start.
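
As an illustration of blocking executables at the gateway (an added example, not code from this post or from any mail product), the check below flags attachments by content as well as by name, so a renamed executable is still caught. The extension list, addresses and sample messages are assumptions constructed for the example; only the filename KB589770.exe comes from the post.

```python
# Added example: flag executable attachments the way a gateway policy might.
# All sample messages are constructed; no real malware content is used.
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy list; a real gateway's list would be longer.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def blocked_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for every attachment the policy would block."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        # Check content first: a renamed Windows executable still starts with "MZ".
        if payload[:2] == b"MZ":
            findings.append((name, "PE/DOS header"))
        elif any(name.lower().endswith(ext) for ext in BLOCKED_EXTENSIONS):
            findings.append((name, "blocked extension"))
    return findings


def build_sample(filename: str, content: bytes) -> bytes:
    """Construct a test message with one attachment (placeholder bytes only)."""
    msg = EmailMessage()
    msg["From"] = "updates@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Security update"
    msg.set_content("Please install the attached patch.")
    msg.add_attachment(content, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [("KB589770.exe", b"MZ\x90\x00stub"),   # name and content both match
               ("update.txt", b"MZ\x90\x00stub"),     # renamed executable
               ("notes.pdf", b"%PDF-1.4 stub")]       # allowed
    for name, data in samples:
        print(name, blocked_attachments(build_sample(name, data)))
```

Executables wrapped in archives are outside what this check covers; a gateway rule would also need to unpack or block those.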