Microsoft investigating fake security email

An email pretending to come from Microsoft appears to be infecting the credulous
Written by Munir Kotadia, Contributor

Microsoft is investigating an email that pretends to be a security warning from the software heavyweight which patches a vulnerability in the "WinLogon Service".

The email has a spoofed "from" field so it looks like it has been sent from patch@microsoft.com. In reality it is most likely being mass spammed from an army of PCs that have been compromised and are under the control of a cybercriminal group.

A Microsoft spokesperson said on Monday morning that the vulnerability the email warns of does not exist, and that users should ignore the email.

"Microsoft advises users to ignore an email currently circulating which claims to provide a patch to a 'vulnerability in the WinLogon service' and implies it has been sent by Microsoft.

"This email is not from Microsoft Corporation and the claimed vulnerability and patch do not exist... Microsoft is currently investigating this fraudulent email," the spokesperson said.

If users have already been duped into clicking on the link, the spokesperson advised users to "immediately scan their computer using antivirus and antispyware tools".

Three years ago, the Swen worm (also known as Gibe.F) posed as a Microsoft security bulletin, and managed to infect millions of unpatched PCs.

The success of this led to numerous copycat messages, but none have so far managed to replicate Swen's success.

Editorial standards