Hackers are using e-mails containing fake security bulletins from Microsoft, purporting to include patches for the Windows operating system, to spread malware.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
However, although the patches were either linked from or attached to the e-mail, the files also included a Trojan file that downloaded automatically.
Symantec's security response blog outlined the new social-engineering technique. The post, available here, notes that Symantec has recently monitored the virus.
Symantec urges users to download patches from the original software supplier sites by visiting the sites themselves rather than following links in e-mails or other third-party web pages.