Researchers warn of bogus Microsoft patch spam

By

Users are being warned of a new phishing scam falsely telling recipients they need to download a Microsoft patch.

Researchers warn of bogus Microsoft patch spam
SANS Internet Storm Center handler Donald Smith has written on the organisation's blog that several readers reported receiving emails, from four different domains, claiming to be from Microsoft.

The emails - some of which include the recipient's full name and the company they work for in the letter body - inform recipients that they must download a fix to address a zero-day vulnerability affecting  Outlook, according to one of the messages posted on the SANS site.

The email, which contains some misspellings, tells the user that if exploited, the flaw can "take full control of the vulnerable computer if the exploitation process is succesfull (sic)." It attempts to dupe users into visiting a site that appears like a legitimate Microsoft page.

A Microsoft spokesman told SCMagazine.com today that users should verify a site's certificate to ensure they are at a legitimate site.

"Spoofing attacks are commonly used in conjunction with phishing," the spokesman said.

Several anti-virus companies identified the malicious emails as containing a trojan downloader.

Earlier this month, researchers warned of an email campaign issuing bogus Microsoft security advisories, which contained a malicious executable that installed a browser add-on to the victim's PC.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?