Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider


Site Navigation










Issue 80 - March 2008 - Page 5

Pages in this month's issue:
  1. Postcard Image Virus Hoax
  2. Pay Up or I'll Kill You Scam Email
  3. Bacteria on Restaurant Lemon Slices Warning
  4. Water Bottle Car Fire Warning
  5. Fake Microsoft Critical Update
  6. Shark's Love for Man Hoax
  7. Cancer Info From Johns Hopkins Hoax Email
  8. Christian the Lion Email
  9. PayPal New Security Message Phishing Scam
  10. K-9 Congressional Medal of Honor Hoax
  11. Cell Phone Gun Warning
  12. 359lb Louisiana Grouper
  13. Ahmad Khaled Abu Rumman Make-A-Wish Foundation Hoax
  14. Barack Obama Endorsed by the Ku Klux Klan Hoax
  15. Telstra Free Directory Assistance Protest Email

Issue 80 Start Menu

Previous Article            Next Article

Fake Microsoft Critical Update

Summary:
Email claiming to be from Microsoft instructs recipients to click a link to install an "urgent" critical update for Windows computers.

Status:
False

Example:(Received, February 2008)
Subject: Microsoft Critical Live Update

URGENT: Please intall critical Windows XP/2000/2003/Vista update!

[Button and link lead to bogus Microsoft Update website]

A Screen shot of the fake update email:

Fake Critical Update Message




Commentary:
A malicious email disguised as a Microsoft Windows update advisory is currently being distributed. The official looking message, which appears to be from Microsoft, instructs recipients to follow a link to obtain and install an "urgent" critical update for Windows based computers. However, the message does not originate from Microsoft nor does it link to a real Microsoft security update. Instead, it is designed to trick unwary Windows users into downloading and installing malware.

Those who fall for the ruse and follow the link in the fake update message will be taken to an equally fake Microsoft Update web page. As the following screen shot shows, the email and web page are very similar in appearance:

Bogus Microsoft Update Website
If a visitor clicks the "Urgent" button on the bogus web page, a trojan dropper will be installed on his or her computer. The trojan dropper will then install other information harvesting malware components on the infected computer.

Internet criminals have used this fake Microsoft update tactic a number of times in the past. Be very cautious of any email that claims to be an update or patch from Microsoft. Microsoft does not distribute security updates via unsolicited emails. It is important that Windows users always install genuine Microsoft security updates as soon as possible, but they should only do so via the official Microsoft update website.

If you receive an email like the one shown above, do not follow any links in the message or open any attachments.

References:
Fake Microsoft Security Patch Emails
Spotted in the Wild: Rogue Microsoft Update Site

Previous Article            Next Article

Issue 80 Start Menu

Pages in this month's issue:
  1. Postcard Image Virus Hoax
  2. Pay Up or I'll Kill You Scam Email
  3. Bacteria on Restaurant Lemon Slices Warning
  4. Water Bottle Car Fire Warning
  5. Fake Microsoft Critical Update
  6. Shark's Love for Man Hoax
  7. Cancer Info From Johns Hopkins Hoax Email
  8. Christian the Lion Email
  9. PayPal New Security Message Phishing Scam
  10. K-9 Congressional Medal of Honor Hoax
  11. Cell Phone Gun Warning
  12. 359lb Louisiana Grouper
  13. Ahmad Khaled Abu Rumman Make-A-Wish Foundation Hoax
  14. Barack Obama Endorsed by the Ku Klux Klan Hoax
  15. Telstra Free Directory Assistance Protest Email