Virus Alert: Beware fake Microsoft patch e-mails

Microsoft Security alerts are such a part of computing life that virus writers have now created spoof security alert e-mails to trick users into activating a trojan horse program.

Symantec's security response blog recently reported on the appearance of fake Microsoft Security Bulletins that either carried the Trojan.Dropper virus as an attachment, or included infected links in the e-mail.

The blog posting includes an example message purporting to be MS06-602, a cumulative security update for Internet Explorer. It's a plausible sounding message an an extremely clever piece of what security experts call "social engineering" to trick people into activating the malicious code - but no such bulletin exists.

"We urge users to refrain from opening files or clicking links in e-mails from unknown sources," writes blog contributor Vikram Thakur.

"We recommend all users to always keep their computers up-to-date on latest patch levels for all software installed. In doing so, it's important that users always download these patches from the original software vendor sites, by visiting the sites themselves rather than following links in e-mails or other third-party Web pages."

By John Stokdyk for our sister site, AccountingWEB.co.uk


Already a member? log in here.

Editor's Choice

Upcoming CPE Webinars

Dec 3The materials discuss the concepts and principles in the AICPA’s new special purpose framework.
Dec 8Kristen Rampe will cover how to diffuse the tension in challenging situations in this one-hour webinar.
Dec 9A key component to improving your firm’s workflow efficiency while enhancing your profitability at the same time is how you leverage emerging technologies.
Dec 16Kristen Rampe will give tips on how to bring confidence into the room and build a valuable network.