News

Fake Microsoft Security Update Makes Rounds

Sophos quickly warns of fake Trojan-laden e-mail disguised as Microsoft Security Bulletin update hitting inboxes.

A day after the Patch Tuesday release and in the same week Sophos announced a new partnership with Microsoft to educate and protect users from emerging IT security threats, the independent security firm announced something else Microsoft related -- or not.

The security and research firm on Wednesday afternoon indentified malicious Trojan horse-laden e-mails disguised as a notice for a "new Microsoft security update," which was supposed to coincide with the software giant's issuance of critical and important security bulletins as part of a monthly roll out cycle. The erroneous e-mails, which have the subject line "Security Update for OS Microsoft Windows," claim to have come from Steve Lipner at securityassurance@microsoft.com.

By timing an attack that comes in concert with Microsoft's real monthly patch batch, the hackers are attempting to seize on what might be the short attention span of IT pros on hectic weeks such as this one, when there are 11 fixes to consider. They also want to lure novices who might unwittingly just open the e-mail and the attachment thinking it's a regular Redmond note or newsletter.

The attachment is indentified as "high priority" and is written in the type of language reminiscent of e-mails from a "bank manager" who wants to hand over a vast fortune of a "deposed African dictator or overthrown government" with no strings attached. The fake Microsoft note begins as follows:

Dear Microsoft Customer,

Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millennium, Microsoft Windows XP, Microsoft Windows Vista... ... .

Graham Cluley, senior technology consultant at Sophos, said in an e-mail statement that running the attached file would infect Windows users with the Mal/EncPK-CZ Trojan horse and give hackers control of the PC.

"It's laughable, but it's simple. Users should always visit the genuine Microsoft Website or use automatic updating processes to keep their systems current," he warned.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Microsoft Previews Windows VM Authentications via Azure Active Directory

    Microsoft on Thursday announced a preview of remote authentications into Windows-based Azure virtual machines (VMs) using Azure AD credentials.

  • Windows Server 20H1 Getting Smaller Containers and Faster PowerShell

    Microsoft is promising to deliver a smaller container size and improved PowerShell performance with its next release of Windows Server.

  • Microsoft Previews Microsoft Teams for Linux

    Microsoft on Tuesday announced a "limited preview" release of Microsoft Teams for certain Linux desktop operating systems.

  • Hyper-V Architecture: Some Clarifications

    Brien answers two thought-provoking reader questions. First, do Hyper-V VMs have direct hardware access? And second, how is it possible to monitor VM resource consumption from the host operating system?

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.