Email Worm Poses As Microsoft Update, Warns MS

Microsoft is today warning users of fake security alerts arriving via email. Microsoft is reminding users that it never sends out security alerts with attachments via email and that you should never open such an email if it arrives in your inbox.

Microsoft Email Security Updates Are a Scam

Cyber-criminals have been sending a so-called Microsoft updates that are actually viruses.

This scam in particular takes advantage of Microsoft's well-established Patch Tuesday schedule for monthly email updates. Potential victims receive an email purporting to be from Microsoft's Director of Security Assurance, Steve Lipner (who in fact does hold that role).

The recipient is then told to install the attached file, KB453396-ENU.exe (or a similar name), which is supposed to be the security update.

Worm, Virus Replicates Itself, Sends to Contact List

The email attachment (.EXE file) is actually a worm / virus, meaning that once it is installed on a users' PC, it will attempt to replicate itself by sending a copy of the infected attachment to all users on the host PC's contact list (address book).

The idea is to get the worm / virus on as many machines as possible in order to become part of a botnet. The botnet is then used to attack websites, corporate structures, and is even sold to other online criminals for their evil-doing.

Fake Alerts Contain Dubious Spelling, Dates

There are a variety of errors that reveal the message as a scam.

For example, the Microsoft update schedule is actually for the second Tuesday of the month, meaning the fake emails are a week early. More significantly, not only is the language of the email clearly not professional enough to be legitimate (suggesting it may be the work of people for whom English is not a first language), the writers have also misspelled the fake return address, writing no-reply@microsft.com rather than microsoft.com. (Source: networkworld.com)

Microsoft Security Checklist: How to Avoid Email Scams

Still, the sheer number of people using Windows means it takes only a tiny proportion of users to be fooled by such attacks to do a serious amount of damage. As a result, Microsoft has once again drawn its attention to a checklist for making sure a security email from the company is legitimate.

The checklist notes that Microsoft never includes attachments in an email. It also points out that any information it includes in such messages be duplicated on the Microsoft security site, so users should double-check to confirm this. To avoid confusion, the information always goes on the website before emails are sent out.

The company also advises that users do not click on links in security-related emails, but rather cut and paste the address into their browser. It also says that for added security it may be safer to visit the known home page of the site and navigate to the required information. (Source: microsoft.com)