Fake Microsoft patch email sends users to Trojan Horse

A bogus patch update claiming to be from Microsoft is the latest phishing scam to keep IT managers on their toes.

Hackers are now circulating fraudulent email claiming to be patch updates from Microsoft, according to security...

companies and the SANS Internet Storm Center.

The deceptive email urges users to go to a fake url where they can download an "update," which is actually a Trojan Horse that could infiltrate their networks.

The center said it has received several recent reports of fake Microsoft email addressed to specific individuals at the companies where they work.

The emails claim that the recipients have been identified as users of Microsoft Genuine Software and that Outlook needs to be patched, according to the center.

The center's incident handlers said they have seen four different urls included in spam and that users are directed to the urls for updates. The email messages are reportedly rife with misspellings and use words that are similar to those that Microsoft uses but are not exactly the same.

Handlers have already submitted the malware to most antivirus vendors, according to the center.

Microsoft Internet Explorer 7 security features include anti-phishing capabilities that would alert a user who tries to click on the link of any Web site that has been designated as a threat, said Serdar Yegulalp, an author and editor of Windows Power Users Newsletter. It's likely that within half a day to a day, security vendors will update their products so they block users from accessing these sites, Yegulalp said. "But it certainly wouldn't hurt for an IT manager to inform people at large that this is a threat," Yegulalp said.

Microsoft does not usually send out random patch notices to users.

The company usually limits its updates to a group of monthly patches it announces on the second Tuesday of every month. Users can download them from Microsoft's Web site or through the company's update services.

Dig Deeper on Windows Server and Network Security

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

So you love horses? you probably love ponies too. At Horse,dates'org site, we have

collected some facts, fiction, myths legends, stories and tips about horses and

ponies that horse lovers will find delightful. We are principally a site that

brings singles who love horses together but we know that in addition to looking for

love on our site, some of our visitors are looking for useful information about

horses as well. We are not a one trick pony, you will find useful tips and

tutorials such as the basics of horse riding and other fascinating tutorials at our

countryside blogs.
Cancel

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close