Fake Windows Security Update Spreading Malware

Tuesday, January 04, 2011



A fake security update notification for Windows is spreading malware code that installs an auto-run worm on PCs.

The email notification instructs users to update their windows operating system, and contains a zip file labeled as "KB453396-ENU.zip".

The subject line of the email says "Update your Windows", and contain a spoofed email header listing the sender as "no-reply@microsft.com" - note the missing "o" in "micorsft".

The content of the email is as follows:

Fake Microsoft security update email

There may be other versions of the email circulating which may contain variances in the sender, subject line, file name and email text.

Windows users should be on alert to any communications they receive purported to be from Microsoft Corp.

Microsoft never issues security updates via email, and users of the Windows operating system are advised to use the automatic updates option to ensure they always have the latest security updates installed as soon as they are released.

Source:  http://nakedsecurity.sophos.com/2011/01/04/fake-microsoft-update-spreads-worm/

Possibly Related Articles:
Viruses & Malware
Email Microsoft malware Windows Operating Systems Headlines Alert Update
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.