Hackers spam fake Microsoft security update

Hackers are taking advantage of Patch Tuesday with a malicious Trojan email disguised as a Microsoft security update.

The email claims to come from Steve Lipnser at the address securityassurance@microsoft.com with the subject line "Security Update for OS Microsoft Windows." It asks you to run the file attached with the message and appears to coincide with Microsoft's genuine monthly patch cycle.

Microsoft never sends out security updates as email attachments, but the email tries to explain this by claiming it is "an experimental private version."

Graham Cluley, senior technology consultant at Sophos, said that running the attached file would infect Windows computer users with the Mal/EncPK-CZ Trojan horse and give hackers control of the PC.

He advised users: "They should always visit the genuine Microsoft website or use automatic updating processes to keep their systems current."

The fake update comes after Microsoft gave advanced notice of its monthly patch cycle for the first time.

A picture of the fake update is here.