Don't touch that Microsoft Security Bulletin email
Print storyTrojan hides under patch update
Posted in Software & Security, 28th June 2007 12:15 GMT
Free whitepaper – The future of SaaS and IT infrastructure management
Do not be tempted into opening an email with the subject line: "Microsoft Security Bulletin MS07-0065" because it is no such thing.
The email is not from Microsoft and contains a link to a webpage containing a trojan (disguised malware). The emails contain real people's names and the company they work for and looks like a genuine Microsoft email.
The mail looks pretty convincing and includes Microsoft and Windows logos. It claims that a zero-day vulnerability has been found that would allow hackers to get into machines running Outlook. The mail claims 100,000 machines have already fallen foul of the vulnerability.
There's more from Sophos here.
Graham Cluely, senior tech consultant for Sophos, said the attempted attack actually showed there was increased awareness of computer security because hackers are now using social engineering to take advantage of this improved understanding.
He said: "The irony is that as awareness of computer security issues has risen, and the need for patching against vulnerabilities, so social engineering tricks that pose as critical software fixes are likely to succeed in conning the public."®
Free whitepaper – Impact of the dramatic increase in devices on the cost to support
Should your email live in the cloud: a comparative cost analysis
Hosted security IT manager's guide
Jump start your Application Security initiatives
Securing your Apache web server with a Thawte digital certificate
Sign up, sign up for The Register IT security newsletter
Former top Sun exec mourns end of a franchise
Win an HTC Touch Diamond2!
Disties braced for autumn reseller collapses