NEWS FROM THE LAB - Monday, May 28, 2007

'Microsoft Support' has something very important to say Posted by Ian @ 21:20 GMT

A few hours ago, we received reports of an important update supposedly coming from Microsoft Support. Since this "update" is not part of the monthly cycle, we were, of course suspicious.

Looking at the e-mail, our suspicions grew due to the glaring typos and the non-Microsoft domain link.


The technical jargon used, however, might confuse normal users.

The sample contained in the link is now detected as Backdoor:W32/VanBot.CA since 2007-05-28_05.

Updates are always good, but in this case, also keep your virus definitions updated.


Updated to Add: The Ripway.com User Account has been terminated and the file is now removed from the site.