Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share







Bogus Windows Firewall and Security Center Update Email Links To Malware

Outline
Email purporting to be from Microsoft Canada instructs recipients to click a link in order to download and install a high priority security update for the Microsoft Windows Firewall and Security Center.



Brief Analysis
The email is not from Microsoft and the link does not point to a security update. Instead, following the instructions in the message will download and install malware. Microsoft will never send security updates via an email.

Bookmark and Share
Detailed analysis and references below example.



Scroll down to submit comments
Last updated: 13th October 2011
First published: 13th October 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
Subject: Critical Update For Microsoft Firewall and Security Center

Dear Customer,

Please notice that Microsoft has recently issued a Security Update for Microsoft Windows Firewall and Security Center.

This Update is to prevent malicious users from getting access to your computer files by executing arbitary code on a new buffer overflow found in the windows firewall process.

This is an high-priority updates. In order to help protect your computer against security threats and malicious code.

Please follow these instructions:

1. Download the file from
[Link removed]

2. Double-click on SECURITY_FIX_4081.exe to start the update.

3. Click on *Allow Access*

This is an Automated Message produced by Microsoft Canada Co., Please Do Not Reply

Microsoft Team.




Detailed Analysis
According to this email, which claims to be from Microsoft Canada, recipients should follow a link to download a "high-priority" security update for the Microsoft Windows Firewall and Security Center. The message claims that installing the update will help protect the user's computer against "security threats and malicious code".

However, the message is certainly not from Microsoft. Clicking the link in the message will not download a security update. In fact, following the instructions in this fraudulent email will download and install malware on the recipient's computer.

This fake Microsoft security update ruse has been used by online criminals over and over again over the past several years

Microsoft will NEVER send you an unsolicited email that asks you to install a security update either by following a link or by opening an attachment. Windows users should always update their Microsoft products via Windows Update.

Bookmark and Share

References
Fake Microsoft Critical Update
Internet Explorer 7 Latest Version Malware Email
Fake Microsoft Security Patch Emails
Fraudulent Email Alert Sept 29, 2011



Last updated: 13th October 2011
First published: 13th October 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer