Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Fake patch Tuesday spam contains attached virus

Sophos : 15 October, 2008  (Technical Article)
Latest spam campaign claims to be from Microsoft with malicious code embedded in attachment disguised as file containing patch updates
IT security and control firm Sophos is warning computer users to be on their guard following the discovery of a malicious Trojan horse spam campaign disguised as Microsoft's monthly security bulletin. The messages were first discovered yesterday and continue to cause problems today, coinciding with Microsoft's monthly 'Patch Tuesday' cycle - when the software giant issues an update of genuine critical patches.

Samples intercepted at SophosLabs have the subject line 'Security Update for OS Microsoft Windows' and claim to come from Steve Lipnser. The emails attempt to fool unsuspecting computer users that the attached file is a high priority update that should be installed by users of various flavours of Microsoft Windows. However, running the attached file infects Windows computer users with the Mal/EncPk-CZ Trojan horse, and could give hackers control over your PC.

'Computer users need to learn that Microsoft never sends out security updates as email attachments, and that they should always visit the genuine Microsoft website, or use automatic updating processes, to keep their systems current,' said Graham Cluley, senior technology consultant at Sophos. 'By timing their attack to coincide with Microsoft's genuine monthly patch cycle, the spammers are hoping to trick more unwary computer users who might be awaiting the update, keen to defend themselves against future cyber attacks. However, falling for this scam will do precisely the opposite and could result in identity theft or financial losses.'

Sophos recommends that all computer users exercise caution when opening unsolicited emails, and ensure they are fully defended against attacks, including spam, phishing and malware.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo