You’d think that people would have gotten it through their heads that companies simply do not email about critical security updates, the FBI (or Homeland security or ANY Federal agency) will not email you requesting information and Microsoft will not send you an email containing security updates.  Nonetheless that has not stopped certain malware distributors from trying.

Their latest attempt to dupe the unsuspecting user is to send out an email containing an "Internet Explorer critical update" with a download link.  When the link is clicked the malware "Trojan-Downloader.Win32.Agent.avk" is downloaded and installed.

Once installed it will not only try to distribute itself across other computers but will then try to install who knows what on the now infected system.

The article at Computer World makes a good point "People who would notice probably would be the kind of people who wouldn’t click on the link."  What about those that would click on the link?

The answer is simple, Microsoft sends out regular update notifications via Windows Update or Microsoft Update, never ever will they email ANYTHING to ANYONE.

Any half-baked antivirus software would catch it as would any barely competent two-way firewall.  Provided both are up to date, that is.  Don’t have antivirus, don’t worry.  Don’t have a firewall, also, don’t worry.

---

Related:

Microsoft fixes Windows Vista Office 2007 patch issues

Windows Vista testers not getting security updates via Windows Update

Animated cursor flaw patch due from Microsoft early

The truth is out: Microsoft dupes consumers into buying Vista-incapable hardware

Microsoft employee emails show disgust with Vista

Entry was posted on Saturday, June 9th, 2007 at 12:55 pm under Microsoft, Security, Tips.  Print This Post

Read more entries by Jonathan Schlaffer.