Spammers Exploiting Windows Security Alerts To Deliver Malware

Written by Sue Walsh on October 15, 2008

A new wave of malicious spam is using fake Windows security alerts to deliver its payload. According to Microsoft, the emails claim the alerts are part of a new, experimental and private version of an update for all Microsoft Windows OS users.

The recipient is prompted to download an attached file containing the alleged update, which is really a Trojan called Win32/Haxdoor. It records passwords, credit card numbers and other personal information and sends them to the scammers. Fortunately, this Trojan is detected by antivirus programs and the Windows Malicious Software Removal Tool.

“As a matter of company policy, Microsoft will never send you an executable attachment,” wrote Microsoft spokesman Christopher Budd in a blog posting on the scam. “If you get an e-mail that claims to be a security notification with an attachment, delete it. It is always a spoof.”

In fact, it’s a very good idea to delete any attachment ending in .exe unless you know who sent it and you are expecting it. Even then, you should download it to a USB or other removable storage device and scan it with your antivirus software before opening it.

Remember, Microsoft delivers all its updates, security-related and otherwise, via the update tool built into the Windows OS and never via email. In fact, they are set to deliver 11 legitimate security patches later today. The patches include fixes for Internet Explorer, Excel and the Windows Active Delivery.
