Home : Security : News

Hackers spam fake Microsoft security update

Article
Gallery

A clever attempt to take advantage of Microsoft’s ‘Patch Tuesday’.

By Asavin Wattanajantra, 14 Oct 2008 at 11:53

gallery

Hackers are taking advantage of Patch Tuesday with a malicious Trojan email disguised as a Microsoft security update.

The email claims to come from Steve Lipnser at the address securityassurance@microsoft.com with the subject line “Security Update for OS Microsoft Windows.” It asks you to run the file attached with the message and appears to coincide with Microsoft’s genuine monthly patch cycle.

Microsoft never sends out security updates as email attachments, but the email tries to explain this by claiming it is “an experimental private version.”

Graham Cluley, senior technology consultant at Sophos, said that running the attached file would infect Windows computer users with the Mal/EncPK-CZ Trojan horse and give hackers control of the PC.

He advised users: “They should always visit the genuine Microsoft website or use automatic updating processes to keep their systems current.”

The fake update comes after Microsoft gave advanced notice of its monthly patch cycle for the first time.

A picture of the fake update is here.

Email to a friend

Print this page

< Previous Security : News Next >

Be the first to comment on this article

You need to Login or Register to comment.

Latest Security Analysis & Insight

Who to trust after the VeriSign hack?

Davey Winder questions what data was stolen from VeriSign and wonders why the company hasn't been more forthcoming.

More Security Analysis & Insight

Latest Security Reviews

Check Point 2210 Appliance review

Rating:

Check Point's new 2200 Appliances combined enterprise level network security with an SMB price tag. Its software blades provide a wealth of features, but do they complicate deployment? Read this exclusive review to find out.