NOW READ THIS
("Security Advisory")

Go Back

---

Submitted by: Bill Hickey
NCVA List Master

NRT-0225 Phishing Scam Urges Download of Fake Microsoft Patch:

Users are being warned of a new phishing scam telling recipients they need to download a Microsoft patch, according to a SANS Internet Storm Center advisory. SANS said that several readers reported receiving emails, from four different domains, claiming to be from Microsoft. The emails - some of which include the recipients full name and the company they work for in the letter body - inform recipients they must download a fix to address a zero-day vulnerability affecting OUTLOOK, according to one of the messages posted on the SANS site. The email, which contains some misspellings, tells the user that if exploited, the flaw can "take full control of the vulnerable computer if the exploitation process is successfull (sic)." It attempts to dupe users into visiting a site that appears like a legitimate Microsoft page that contains a malicious download. A Microsoft spokesman warned users to verify a site's certificate to ensure they are at a legitimate site.

(www.scmagazine.com 27JUN07)

Last Modified: Sunday, 22-Jul-2007 08:26:08 EDT