In the wake of two well-publicized zero-day exploits of Microsoft software, spammers have revived an old attack: sending out a fake e-mail purporting to be from Microsoft that urges recipients to click on links to patch their systems.
The message, which says it's a Windows Live critical update from Microsoft (NASDAQ: MSFT), bears the Windows logo and has several links purportedly to the software giant.
One urges recipients to click on it to install updates, another to download Microsoft Update to scan their computers, and yet another purportedly lets recipients read Microsoft security bulletins.
The links point to an executable program hosted on a Web site in Italy, Cluley said in his blog.
"Microsoft is aware of reports of malware launching from fake e-mails with malicious links posing to be a download for the most recent security updates from Microsoft," Christopher Budd, the vendor's security response communications lead, told InternetNews.com by e-mail.
"Users should exercise caution with requests received from unknown sources, or received unexpectedly from known sources."
Budd also noted Microsoft updates are only available through Windows Update and Microsoft's malware removal site.
"Microsoft doesn't e-mail people about updates," he said. "They try not to issue patches out of their normal monthly patch cycle unless it's a critical issue, and even then they don't send out e-mails."
Randy Abrams, director of technical education at antivirus vendor ESET, told InternetNews.com that fake update e-mails from Microsoft are an old form of attack. They were successful because, at that time, vendors advised users to open only e-mails from trustworthy sources.
"No one explained what trustworthy sources are, so we had a problem," Abrams said. "Eventually, Microsoft advised users not to open attachments at all."
Abrams went so far as to advise users not to open any attachments or links, even from a trustworthy source. "Go to the source's Website and key in the URL by hand," he advised.
Users who want to open links can do so if they are running Sandboxie, an application that runs programs in a sandbox, which is an isolated space on a user's hard drive, Abrams said. Available at this Web site, Sandboxie prevents programs from impacting other applications and data on the user's hard drive.
"It will sandbox Internet Explorer, Google Chrome, Mozilla, Windows Media Player, and it's an awesome line of defense," Abrams said. "It works really, really well."