Fake Microsoft flaw notification trojan in the wild

Researchers are warning PC users not to fall for an email scheme that pretends to be a warning and patch for a newly discovered flaw in Microsoft WinLogon Service.

The email tells users the flaw can allow malicious users to access a PC, then redirects them a malicious link that downloads a trojan.

The scam should be familiar to computer security researchers, said researcher Bojan Zdrnja of the SANS Internet Storm Center.

"Does all this sound familiar? Sure, it’s (almost) the same story that the Swen worm (or Gibe.F) tried to ‘sell’ to the users. Hopefully this one will not come close to doing what Swen did," he said.

Microsoft releases vulnerability patches on its regular Patch Tuesday schedule, the second Tuesday of every month. On the Thursday before that date, it releases preview information about the fixes.

Microsoft released three patches this month, two for Windows and one for Microsoft Exchange. The next Patch Tuesday is scheduled for June 13.

Sophos named the malware Troj/BeastPWS-C, and said it is capable of spying on users and stealing passwords if downloaded.

Graham Cluley, senior technology consultant at Sophos, said users should be careful with emails.

"People are slowly learning that Microsoft does not email out security fixes as attachments, but they also need to learn to be careful of blindly clicking on links to download fixes too without checking that the email is legitimate," he said. "In this case, the hackers made a mistake by referring to ‘Microsoft Coorp’ rather than ‘Microsoft Corp,’ but it’s possible that users would miss that typo in their rush to protect themselves."