Virus Alert: Beware fake Microsoft patch e-mails
Microsoft Security alerts are such a part of computing life that virus writers have now created spoof security alert e-mails to trick users into activating a trojan horse program.
Symantec's security response blog recently reported on the appearance of fake Microsoft Security Bulletins that either carried the Trojan.Dropper virus as an attachment, or included infected links in the e-mail.
The blog posting includes an example message purporting to be MS06-602, a cumulative security update for Internet Explorer. It's a plausible sounding message an an extremely clever piece of what security experts call "social engineering" to trick people into activating the malicious code - but no such bulletin exists.
"We urge users to refrain from opening files or clicking links in e-mails from unknown sources," writes blog contributor Vikram Thakur.
"We recommend all users to always keep their computers up-to-date on latest patch levels for all software installed. In doing so, it's important that users always download these patches from the original software vendor sites, by visiting the sites themselves rather than following links in e-mails or other third-party Web pages."
By John Stokdyk for our sister site, AccountingWEB.co.uk
Voice of the Editor
Which isn’t completely true. I mean, occasionally I drop by when I manage to sneak out of the nonstop frat party over at Going Concern, but I’m mostly a wallflower over there. I’m happy to say that I’ve been given express permission (or explicit orders, if you like) to wander over here to AccountingWEB more often.
Why is that, you might ask? My job is to replace the irreplaceable Gail Perry as Editor-in-Chief. What does that mean? I don’t really know! I think it’ll be fun getting a feel for things, throwing in my own thoughts here and there, and listening to the discussions you’re having about the accounting profession.