Have you recently received an e-mail titled ‘Security Update for OS Microsoft Windows’ purportedly from microsoft.com? I just did and here’s what it looks like:
Dear Microsoft Customer,
Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.
Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.
Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.
As your computer is set to receive notifications when new updates are available, you have received this notice. In order to start the update, please follow the step-by-step instruction:
1. Run the file, that you have received along with this message.
2. Carefully follow all the instructions you see on the screen.
If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.
We apologize for any inconvenience this back order may be causing you.
Thank you,
Steve Lipner
Director of Security Assurance
Microsoft Corp.
This is not from Microsoft obviously as they noted and should be deleted asap.
These fake e-mails claim they are part of a new “experimental private version of an update for all Microsoft Windows OS users.” The e-mail instructs the end user to download an attachment, which is actually a malicious Trojan Horse program known as Win32/Haxdoor. This software records sensitive information such as passwords and credit card numbers and sends this data back to the attackers who are running the scam.
In a recent blog posting on the scam Microsoft spokesman Christopher Budd, commented, “As a matter of company policy, Microsoft will never send you an executable attachment.” The only e-mails Microsoft does send out are to users who have opted-in to receive security notification by e-mails from TechNet Security Center and these emails are in plain text and never contain any sort of attachment.
