Application security, Malware, Patch/Configuration Management, Vulnerability Management

Fake Microsoft security update spreading malware

A new wave of malicious emails containing a fake Microsoft Windows security update began hitting inboxes in an effort to spread malware, researchers at anti-virus firm Sophos have warned. The messages, which appear to be sent from Microsoft's security team and contain the subject line "Update your Windows," advise users to update their operating system by downloading an attached executable file, Graham Cluley, senior technology consultant at Sophos, wrote in a blog post Tuesday. The attached file, called “KB453396-ENU.zip,” is actually an AutoRun worm. Users should be advised that Microsoft never distributes security updates via email attachments, Cluley said. – AM

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds