Virus Alert: Beware fake Microsoft patch e-mails
Microsoft Security alerts are such a part of computing life that virus writers have now created spoof security alert e-mails to trick users into activating a trojan horse program.
Symantec's security response blog recently reported on the appearance of fake Microsoft Security Bulletins that either carried the Trojan.Dropper virus as an attachment, or included infected links in the e-mail.
The blog posting includes an example message purporting to be MS06-602, a cumulative security update for Internet Explorer. It's a plausible sounding message an an extremely clever piece of what security experts call "social engineering" to trick people into activating the malicious code - but no such bulletin exists.
"We urge users to refrain from opening files or clicking links in e-mails from unknown sources," writes blog contributor Vikram Thakur.
"We recommend all users to always keep their computers up-to-date on latest patch levels for all software installed. In doing so, it's important that users always download these patches from the original software vendor sites, by visiting the sites themselves rather than following links in e-mails or other third-party Web pages."
By John Stokdyk for our sister site, AccountingWEB.co.uk