Security news
Security news14 October 2008
Fake Microsoft security update spammed out to coincide with Patch Tuesday
IT security and control firm Sophos is warning computer users to be on their guard following the discovery of a malicious Trojan horse spam campaign disguised as Microsoft's monthly security bulletin. The messages were first discovered yesterday and continue to cause problems today, coinciding with Microsoft's monthly 'Patch Tuesday' cycle - when the software giant issues an update of genuine critical patches.
Samples intercepted at SophosLabs have the subject line 'Security Update for OS Microsoft Windows' and claim to come from Steve Lipnser at securityassurance@microsoft.com. The emails attempt to fool unsuspecting computer users that the attached file is a high priority update that should be installed by users of various flavours of Microsoft Windows. However, running the attached file infects Windows computer users with the Mal/EncPk-CZ Trojan horse, and could give hackers control over your PC.
"Computer users need to learn that Microsoft never sends out security updates as email attachments, and that they should always visit the genuine Microsoft website, or use automatic updating processes, to keep their systems current," said Graham Cluley, senior technology consultant at Sophos. "By timing their attack to coincide with Microsoft's genuine monthly patch cycle, the spammers are hoping to trick more unwary computer users who might be awaiting the update, keen to defend themselves against future cyber attacks. However, falling for this scam will do precisely the opposite and could result in identity theft or financial losses."
Sophos recommends that all computer users exercise caution when opening unsolicited emails, and ensure they are fully defending against attacks, including spam, phishing and malware.
Download now
- USA number 1 for malware and spam
- Huge surge in email attachment attacks
- Scareware makes users buy bogus products
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
