Beware of bogus security fix e-mail

Originally posted Oct. 14 at 12:11 p.m., and updated Oct. 17 at 9:45 a.m.

A day after the Patch Tuesday release, and in the same week Sophos announced a new partnership with Microsoft to educate and protect users from emerging IT security threats, the independent security firm announced something else Microsoft related -- or not.

The security and research firm on Wednesday afternoon identified malicious Trojan horse-laden e-mails disguised as a notice for a "new Microsoft security update," which was supposed to coincide with the software giant's issuance of critical and important security bulletins as part of a monthly roll out cycle. The erroneous e-mails, which have the subject line "Security Update for OS Microsoft Windows," claim to have come from Steve Lipner at securityassurance@microsoft.com.

By timing an attack that comes in concert with Microsoft's real monthly patch batch, the hackers are attempting to seize on what might be the short attention span of IT pros on hectic weeks such as this one, when there are 11 fixes to consider. They also want to lure novices who might unwittingly just open the e-mail and the attachment thinking it's a regular Redmond note or newsletter.

The attachment is indentified as "high priority" and is written in the type of language reminiscent of e-mails from a "bank manager" who wants to hand over a vast fortune of a "deposed African dictator or overthrown government" with no strings attached. The fake Microsoft note begins as follows:

    Dear Microsoft Customer,

    Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millennium, Microsoft Windows XP, Microsoft Windows Vista....


Graham Cluley, senior technology consultant at Sophos, said in an e-mail statement that running the attached file would infect Windows users with the Mal/EncPK-CZ Trojan horse and give hackers control of the PC.

"It's laughable, but it's simple. Users should always visit the genuine Microsoft Website or use automatic updating processes to keep their systems current," he warned.

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group