Fake Microsoft patches spread virus

Hackers are using e-mails containing fake security bulletins from Microsoft, purporting to include patches for the Windows operating system, to spread malware.

Download this free guide

The importance of web security

Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

However, although the patches were either linked from or attached to the e-mail, the files also included a Trojan file that downloaded automatically.

Symantec's security response blog outlined the new social-engineering technique. The post, available here, notes that Symantec has recently monitored the virus.

Symantec urges users to download patches from the original software supplier sites by visiting the sites themselves rather than following links in e-mails or other third-party web pages.