Add as a preferred source on Google


News

Fake Microsoft Security Update Makes Rounds

Sophos quickly warns of fake Trojan-laden e-mail disguised as Microsoft Security Bulletin update hitting inboxes.

A day after the Patch Tuesday release and in the same week Sophos announced a new partnership with Microsoft to educate and protect users from emerging IT security threats, the independent security firm announced something else Microsoft related -- or not.

The security and research firm on Wednesday afternoon indentified malicious Trojan horse-laden e-mails disguised as a notice for a "new Microsoft security update," which was supposed to coincide with the software giant's issuance of critical and important security bulletins as part of a monthly roll out cycle. The erroneous e-mails, which have the subject line "Security Update for OS Microsoft Windows," claim to have come from Steve Lipner at [email protected].

By timing an attack that comes in concert with Microsoft's real monthly patch batch, the hackers are attempting to seize on what might be the short attention span of IT pros on hectic weeks such as this one, when there are 11 fixes to consider. They also want to lure novices who might unwittingly just open the e-mail and the attachment thinking it's a regular Redmond note or newsletter.

The attachment is indentified as "high priority" and is written in the type of language reminiscent of e-mails from a "bank manager" who wants to hand over a vast fortune of a "deposed African dictator or overthrown government" with no strings attached. The fake Microsoft note begins as follows:

Dear Microsoft Customer,

Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millennium, Microsoft Windows XP, Microsoft Windows Vista... ... .

Graham Cluley, senior technology consultant at Sophos, said in an e-mail statement that running the attached file would infect Windows users with the Mal/EncPK-CZ Trojan horse and give hackers control of the PC.

"It's laughable, but it's simple. Users should always visit the genuine Microsoft Website or use automatic updating processes to keep their systems current," he warned.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Microsoft Dismantles RedVDS Cybercrime Marketplace Linked to $40M in Phishing Fraud

    In a coordinated action spanning the United States and the United Kingdom, Microsoft’s Digital Crimes Unit (DCU) and international law enforcement collaborators have taken down RedVDS, a subscription based cybercrime platform tied to an estimated $40 million in fraud losses in the U.S. since March 2025.

  • Sound Wave Illustration

    CrowdStrike's Acquisition of SGNL Aims to Strengthen Identity Security

    CrowdStrike signs definitive agreement to purchase SGNL, an identity security specialist, in a deal valued at about $740 million.

  • Microsoft Acquires Osmos, Automating Data Engineering inside Fabric

    In a strategic move to reduce time-consuming manual data preparation, Microsoft has acquired Seattle-based startup Osmos, specializing in agentic AI for data engineering.

  • Linux Foundation Unites Major Tech Firms to Launch Agentic AI Foundation

    The Linux Foundation today announced the creation of a new collaborative initiative — the Agentic AI Foundation (AAIF) — bringing together major AI and cloud players such as Microsoft, OpenAI, Anthropic and other major tech companies.

Most   Popular