While Microsoft was busily posting patches to fix a security flaw in its Outlook 98 and Outlook Express 4.x e-mail client, a Microsoft imposter was sending a false e-mail patch to users, claiming it was a fix from Microsoft.
If someone runs the fake patch, it sends an outgoing e-mail to a location in Bulgaria, according to Karan Khanna, a product manager for Windows NT security at Microsoft.
"The outgoing e-mail is all we can discern at this time, but the (fake patch) could be doing something else that we haven't been able to detect," Khanna said.
Russ Cooper, moderator for the NTBugtraq mailing list said that tests had been done on the patch, and that it appears to be malicious.
"It looks ugly. It attempts to spam a bunch of Bulgarian ISPs as far as we can tell," Cooper said. "There's all kinds of ugly words in it."
Khanna suggested that users should not run the executable, and should delete it from their hard drives if it has been detached. The name of the program is "IE080898.EXE".
The Trojan Horse e-mail identifies its sender as "Microsoft Internet Explorer Support Center" with an e-mail address of IESupport@microsoft.com. Often, the subject line reads, "FREE! Your upgrade for Microsoft Internet Explorer". But at other times, the message claimed that the patch fixed recently discovered security glitches in Microsoft Outlook, according to statements from Microsoft.
Microsoft on Monday posted on its Web site an authentic updated fix for the Outlook security flaw that was discovered in July.
"After additional testing, we found a variant on the first security issue," Khanna said.
This update fixes the variant, and includes the original fix Microsoft posted in July.