Beware of bogus Microsoft security bulletins

Summary:Organisations are being warned to be on the lookout for fake Microsoft security bulletins which spammers sent out yesterday to thousands of companies in the US and the UK.Security vendor Sophos said the bogus bulletins were sent via e-mails with the subject line "Microsoft Security Bulletin MS07-0065".

Organisations are being warned to be on the lookout for fake Microsoft security bulletins which spammers sent out yesterday to thousands of companies in the US and the UK.

Security vendor Sophos said the bogus bulletins were sent via e-mails with the subject line "Microsoft Security Bulletin MS07-0065".

Once users click on a link they are taken to one of many Web sites hosting a malicious piece of code Sophos is calling "Mal/Behav-112".

The security company said that, although antivirus products will now have been updated, users' machines could still become compromised if the compromised Web sites are made to point to a zero-day exploit.

"This is clever social engineering," said Sophos' senior technology consultant Graham Cluley. "The e-mails are addressed to the person by name, and a spurious licence key is given to make the e-mails seem more trustworthy."

The latest real Microsoft security advisory is MS07-0035.

Tom Espiner reported for ZDNet UK from London

Topics: Collaboration, Browser

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.