The Channel logo


By | John Oates 28th June 2007 12:15

Don't touch that Microsoft Security Bulletin email

Trojan hides under patch update

Do not be tempted into opening an email with the subject line: "Microsoft Security Bulletin MS07-0065" because it is no such thing.

The email is not from Microsoft and contains a link to a webpage containing a trojan (disguised malware). The emails contain real people's names and the company they work for and looks like a genuine Microsoft email.

The mail looks pretty convincing and includes Microsoft and Windows logos. It claims that a zero-day vulnerability has been found that would allow hackers to get into machines running Outlook. The mail claims 100,000 machines have already fallen foul of the vulnerability.

There's more from Sophos here.

Graham Cluely, senior tech consultant for Sophos, said the attempted attack actually showed there was increased awareness of computer security because hackers are now using social engineering to take advantage of this improved understanding.

He said: "The irony is that as awareness of computer security issues has risen, and the need for patching against vulnerabilities, so social engineering tricks that pose as critical software fixes are likely to succeed in conning the public."®

comment icon Read 9 comments on this article alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe