posted on October 15, 2008 01:36:16 AM new
I just received the following from my computer guru.
If you get an e-mail from Microsoft telling you they're attaching the latest security update, please delete it. Most importantly, do not open the patch! All Microsoft patches must be downloaded from their website; they do not e-mail patches.
This is from ZD Tech Update, a highly respected tech newsletter I subscribe to: "We received some questions from customers about an e-mail that’s circulating that claims to be a security e-mail from Microsoft. The e-mail comes with an attached executable, which it claims is the latest security update, and encourages the recipient to run the attached executable so they can be safe. While malicious e-mails posing as Microsoft security notifications with attached malware aren’t new (we’ve seen this problem for several years) this particular one is a bit different in that it claims to be signed by our own Steve Lipner and has what appears to be a PGP signature block attached to it. While those are clever attempts to increase the credibility of the mail, I can tell you categorically that this is not a legitimate e-mail: it is a piece of malicious spam and the attachment is malware. Specifically, it contains Backdoor:Win32/Haxdoor."
