The latest in email fraud: Fake Microsoft Security Alerts
Microsoft typically releases critical security patches to their Windows operating system and other software packages on the second Tuesday of each month. This is commonly known as “Patch Tuesday.”
Leaving no stone unturned, the bad guys have come up with a way to scare you into opening up email that purports to regard critical Microsoft updates, but when you click on the enclosed link, a server attempts to install a Trojan virus.
The email message describes a “Cumulative Security Update for Internet Explorer” that fixes a critical security flaw in the browser. It comes with a link entitled “Download this update.”
When users click on this link, they are taken to a server that attempts to install the virus Trojan-Downloader.Win32.Agent.avk.
The program then attempts to replicate by going out to other computers on the Internet and install the same software.
IMPORTANT NOTE: You would typically NOT receive email alerts when Microsoft releases their security updates. Instead, if you have Automatic Updates turned on, you’ll see a little yellow shield icon in your taskbar. The icon looks like this:
This is from Microsoft. You need to double-click the icon and install the updates.