Beware Of Fake Microsoft Updates Coming Through E-Mail
This notification from Sophos:
Email is still the most common method used for security update notifications from all major vendors, but it is also the most commonly used trigger for launching the chain of infection attacks by malware writers. When I came to work today I found in my Inbox a message from Microsoft with the Security Bulletin Advance Notification for December. I immediately clicked on one of the links to visit the yet to be published December Security Bulletin and investigate how many critical vulnerabilities will be fixed this month.
Investigating advanced security notifications is important for us in SophosLabs. It may give us warnings of potential new attack vectors as well as rough estimates of the amount of work while analysing the latest vulnerabilities and writing the analysis for next week. This month we are expecting three critical vulnerabilities that may result in remote code execution. Three disclosed critical vulnerabilities is not many, compared with some of the previous months. It seems that the vulnerabilities in Microsoft products are getting more difficult to find. Hopefully, the patch for the recently discovered IE vulnerability will also be released.
Following the first message from Microsoft there are two emails from Apple Product Security team announcing availability of security updates for Java for Mac and after them another message coming directly from Steve Lipner, Microsoft’s Director of Security Assurance. What an honour, I thought, but then the content seemed to ring a bell.
http://www.sophos.com/blogs/sophosla...malencpkee.jpg
The email contains a direct link to an alleged update executable file Windows-KBxxxxx-ENU.exe which immediately set the malware alarm off, since original Microsoft emails never directly link to an executable file or have an executable attached...
Blog link: Beware of fake Microsoft updates coming through email
Source: Sophos Labs Blog
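The tell described in the quoted post (a vendor notification that links straight to an executable or carries one as an attachment) can be checked mechanically at a mail gateway or during triage. The following is an added example, not code from Sophos or from the original post; the extension list, the function names and the sample messages (which use the reserved `example.invalid` domain) are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from urllib.parse import unquote, urlsplit

# Extensions treated as directly executable on Windows (assumed list for this example).
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi")
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)

def _is_exec(name):
    """True when a file name or URL path ends in an executable extension."""
    return bool(name) and name.lower().endswith(EXEC_EXTS)

def find_executable_lures(raw_message):
    """Return (kind, value) findings for executable attachments and links."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if _is_exec(filename):
            findings.append(("attachment", filename))
            continue
        if part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_content()):
                url = url.rstrip(".,;)")  # drop trailing sentence punctuation
                # Judge the decoded path only, so %2E-style encoding does not hide ".exe".
                if _is_exec(unquote(urlsplit(url).path)):
                    findings.append(("link", url))
    return findings

# Constructed sample: a fake "update" mail linking directly to an executable.
SAMPLE_FAKE = """\
From: "Microsoft Security" <security@example.invalid>
Subject: Critical security update
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Install now: <a href="http://downloads.example.invalid/Windows-KBxxxxx-ENU.exe">update</a></p>
"""

# Constructed sample: a notification that only links to a bulletin page.
SAMPLE_BULLETIN = """\
From: "Vendor Notifications" <notify@example.invalid>
Subject: Security Bulletin Advance Notification
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Details: http://www.example.invalid/bulletin/advance-notification.mspx
"""

if __name__ == "__main__":
    for name, raw in (("fake", SAMPLE_FAKE), ("bulletin", SAMPLE_BULLETIN)):
        print(name, find_executable_lures(raw))
```

A finding from this check is a reason to quarantine and inspect the message, not proof of malware; it also does not follow redirects, so a link to a page that later serves an executable is out of its scope.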