Risk: Medium
Like night follows day, a bogus "cumulative update" with a malicious attachment has followed Microsoft's patch day.
In what has become a monthly staple, virus writers are taking advantage of the heightened public interest around Microsoft's patching cycle to trick users into executing a malicious attachment.
The latest social engineering trick arrives via email with an attachment that purports to be a "cumulative patch" for May 2005.
The claim is that the executable file contains patches for vulnerabilities in Internet Explorer, Microsoft Outlook and Outlook Express, three widely used products with a history of serious security bugs.
The file is actually a variant of W32.Pinfi, a memory-resident polymorphic virus capable of replicating via mapped drives and network shares.
The Pinfi virus, also known as Pate or Parite, has been programmed to infect every PE and SCR file on every drive and network share.
It targets users of Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP and Windows Me.
"This is a common scam," said a Microsoft representative. "It's important to remind customers that Microsoft will never attach software updates to security e-mail notifications."
She pointed out that most Microsoft software updates are provided through Microsoft Windows Update, Microsoft Office Update, or the Microsoft Download Centre, adding that, as a best practice, "users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources."
Anti-virus vendor Sophos Inc. has provided step-by-step disinfection instructions for PE executables.