Don't touch that Microsoft Security Bulletin email
Print storyTrojan hides under patch update
Posted in Anti-Virus, 28th June 2007 12:15 GMT
Free whitepaper – Securing your Microsoft Internet Information Services (MS IIS) web server
Do not be tempted into opening an email with the subject line: "Microsoft Security Bulletin MS07-0065" because it is no such thing.
The email is not from Microsoft and contains a link to a webpage containing a trojan (disguised malware). The emails contain real people's names and the company they work for and looks like a genuine Microsoft email.
The mail looks pretty convincing and includes Microsoft and Windows logos. It claims that a zero-day vulnerability has been found that would allow hackers to get into machines running Outlook. The mail claims 100,000 machines have already fallen foul of the vulnerability.
There's more from Sophos here.
Graham Cluely, senior tech consultant for Sophos, said the attempted attack actually showed there was increased awareness of computer security because hackers are now using social engineering to take advantage of this improved understanding.
He said: "The irony is that as awareness of computer security issues has risen, and the need for patching against vulnerabilities, so social engineering tricks that pose as critical software fixes are likely to succeed in conning the public."®
Free whitepaper – The shortcut guide to managing certificate lifecycles
Airport insecurity: the case of lost laptops
Jump start your Application Security initiatives
Avoiding 7 common mistakes of IT security compliance
Securing your Microsoft Internet Information Services (MS IIS) web server
The mandate for application security
Google cloud told to encrypt itself
Buggy 'smart meters' open door to power-grid botnet
Chinese firm hits back at cyberspy claims
BlockMaster SafeStick hardware-encrypted USB drive