It's Tuesday, time for more security patches from Microsoft right? Not quite. It seems the malware crowd is exploiting Microsoft's routine of releasing fixes on Tuesdays and sending out fake security emails bent on infecting their targets with a worm.
Windows users familiar with Microsoft's modus operandi will sniff out this scam immediately, though, and not only because of the cracked English in the message. The missive contains the security update in an attachment. Microsoft never sends security updates in attachments.
"Please notice that Microsoft company [sic] has recently issued a Security Update for OS Microsoft Windows," the fake notice reads in typical fractured prose.
It then goes on to give instructions for installing the fake security file, KB453396-ENU.exe. "If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine," it explained
In the signature block of the message is the name of Microsoft Director of Security Assurance Steve Lipner. Lipner's name has been used on bogus security updates before, including attacks in 2008:
http://nakedsecurity.sophos.com/2008/10/13/marks-spencer-email-hoax-resurgence/ and 2009:
http://nakedsecurity.sophos.com/2009/12/04/beware-fake-microsoft-updates-coming-email/Graham Cluley, who wrote about the fake security notice for Sophos's Naked Security blog:
http://nakedsecurity.sophos.com/2011/01/04/fake-microsoft-update-spreads-worm/ , noticed another bonehead error in the message. "With so much effort being taken by the cybercriminals to hoodwink unsuspecting computer users, though, you would have thought they would have not made an elementary mistake in their forged email header," he penned. "The messages we've seen claim to come from no-reply@microsft.com."
Yes, Microsoft's domain name is misspelled.
(CW)