In association with heise online

22 May 2008, 12:17

Beware of fake Microsoft update notifications

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Criminals are once again sending out fake security update notices in an effort to spread their trojans. The emails notify recipients of a Critical Security Update for Microsoft Windows (KB946026) and include a link to what is claimed to be a patch. The style of the email is very similar that used by Microsoft to describe its downloads, including information on size and download times, although the sender's address - Microsoft Corporation - should alert readers to the danger of taking these emails at face value.

Fake update notification
Zoom As Microsoft never sends out emails linking to its security updates, recipients of such a message should be on their guard

Rather than fixing a security hole, installing the patch that the link sends you actually installs the Virut.AI IRCBot on your system. Thankfully, with the exception of eTrust, in a recent test all the popular virus scanners spotted this malware. You will find advice on email and safety in the Anti-Virus Services section of the heise Security site.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit