Don't touch that Microsoft Security Bulletin email
Trojan hides under patch update
Posted in Security, 28th June 2007 12:15 GMT
Watch Now : Virtual Machine Movement with Hyper-V
Do not be tempted into opening an email with the subject line: "Microsoft Security Bulletin MS07-0065" because it is no such thing.
The email is not from Microsoft and contains a link to a webpage containing a trojan (disguised malware). The emails contain real people's names and the company they work for and looks like a genuine Microsoft email.
The mail looks pretty convincing and includes Microsoft and Windows logos. It claims that a zero-day vulnerability has been found that would allow hackers to get into machines running Outlook. The mail claims 100,000 machines have already fallen foul of the vulnerability.
There's more from Sophos here.
Graham Cluely, senior tech consultant for Sophos, said the attempted attack actually showed there was increased awareness of computer security because hackers are now using social engineering to take advantage of this improved understanding.
He said: "The irony is that as awareness of computer security issues has risen, and the need for patching against vulnerabilities, so social engineering tricks that pose as critical software fixes are likely to succeed in conning the public."®
Send corrections
IT infrastructure monitoring strategies
The new Office Garage series:
Data control in the cloud
Top 10 SIEM implementer’s checklist
