Tech

Spammers release hoax Microsoft security bulletin

Sophos has warned of a 'clever' social-engineering attack which cons users into thinking they have received a genuine security alert

Written by Tom Espiner, Contributor June 27, 2007 at 7:47 a.m. PT

Security vendor Sophos has warned of the presence of spoofed Microsoft security bulletins.

Emails with the subject line "Microsoft Security Bulletin MS07-0065" were sent by spammers on Wednesday morning to thousands of companies in the US and the UK.

Once users click on a link they are taken to one of many websites hosting a malicious piece of code Sophos is calling "Mal/Behav-112".

The security company said that, although antivirus products will now have been updated, users' machines could still become compromised if the compromised websites are made to point to a zero-day exploit.

"This is clever social engineering," said Sophos' senior technology consultant Graham Cluley. "The emails are addressed to the person by name, and a spurious licence key is given to make the emails seem more trustworthy."

The latest real Microsoft security advisory is MS07-0035.

Editorial standards

Show Comments

Spammers release hoax Microsoft security bulletin

Related

The work laptop I recommend to most people is not made by Apple or Lenovo

7 reasons I use Copilot instead of ChatGPT

Have an old Kindle? Whatever you do, do not do this one thing