Fake Microsoft Patch Triggers Virus Attack
“In what has become a monthly staple, virus writers are taking advantage of the heightened public interest around Microsoft’s patching cycle to trick users into executing a malicious attachment.The latest social engineering trick arrives via e-mail with an attachment that purports to be a “cumulative patch” for May 2005.
The claim is that the executable file contains patches for vulnerabilities in Internet Explorer, Microsoft Outlook and Outlook Express, three widely used products with a history of serious security bugs.
The file is actually an executable for a variant of W32.Pinfi, a memory-resident polymorphic virus capable of replicated via mapped drives and network shares.“