NOW READ THIS
("Security Advisory")



Submitted by: Bill Hickey
NCVA List Master

NRT-0197 Fake Microsoft Security Alerts:


As you might expect, Microsoft's monthly patch release - expected on Tuesday - is often preceded by a spate of scammers trying to trick users into downloading malware before the patches are released. You might get an email message that describes a cumulative security update for Internet Explorer (one of the favorite targets) and talks about a critical security flaw (lots of them). The message then offers a hyperlink for you to click to download the fix. But when a user clicks it, the link takes them to a server completely unrelated to Microsoft and attempts to download malicious software of one kind or another which, if successful, will compromise the integrity and security of your computer.

If you go to the SANS Internet Storm Center you can find a more detailed description of the attempted attacks, but suffice it to say that there are OBVIOUS errors in the format of the message that technically savvy persons will catch. If you simply understand that Microsoft has a defined numbering scheme that this message doesn't match, you would never click on that hyperlink to begin with. Two email samples examined contained obvious errors - for example, although a patch claims to be issued in June 2007, it was labelled MS06-4 instead of the normal MS07-004.

The important thing to remember is that a scammer only needs to fool a few people to be considered successful. The biggest tip-off is that, while Microsoft does send out notification emails when it publishes security bulletins, its links take you to the bulletin, NOT to an executable download.

(various sources, including IDG News Service 08JUN07 and SANS Storm Center 10JUN07)
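The two tip-offs described above (the bulletin numbering scheme and where the link leads) can be checked mechanically. The following is an added example, not part of the original advisory; the function name, the extension list, the trusted-domain rule and both sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Bulletin references such as MS07-004 or the malformed MS06-4.
BULLETIN_RE = re.compile(r"\bMS(\d{2})-(\d+)\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# Assumptions for this sketch: which extensions count as executable downloads
# and which domain a genuine bulletin link lives on.
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".bat", ".msi")
TRUSTED_DOMAIN = "microsoft.com"

def check_alert(body, claimed_year):
    """Return a list of reasons the message does not look like a real notice."""
    findings = []
    for m in BULLETIN_RE.finditer(body):
        bulletin, yy, num = m.group(0), m.group(1), m.group(2)
        if len(num) != 3:
            findings.append(f"{bulletin}: number is not three digits")
        if int(yy) != claimed_year % 100:
            findings.append(f"{bulletin}: year prefix does not match {claimed_year}")
    for url in URL_RE.findall(body):
        parsed = urlparse(url.rstrip(".,)"))
        host = (parsed.hostname or "").lower()
        # Exact domain or a true subdomain; "microsoft.com.example.net" fails.
        if host != TRUSTED_DOMAIN and not host.endswith("." + TRUSTED_DOMAIN):
            findings.append(f"{host}: link host is not under {TRUSTED_DOMAIN}")
        if parsed.path.lower().endswith(EXECUTABLE_EXT):
            findings.append(f"{host}: link downloads an executable")
    return findings

# Constructed sample messages (not taken from the advisory's sources).
SAMPLE_FAKE = (
    "Subject: Microsoft Security Bulletin MS06-4\n"
    "Cumulative Security Update for Internet Explorer, issued June 2007.\n"
    "Download the fix: http://updates.example.net/patches/ie-update.exe\n"
)
SAMPLE_REAL = (
    "Microsoft Security Bulletin MS07-004 has been published.\n"
    "Read the bulletin: https://www.microsoft.com/bulletin/MS07-004\n"
)

if __name__ == "__main__":
    for name, msg in (("fake", SAMPLE_FAKE), ("real", SAMPLE_REAL)):
        print(name, check_alert(msg, 2007) or "no findings")
```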



Last Modified: Monday, 11-Jun-2007 19:40:37 EDT