Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    eBook    Contact
Bookmark and Share

Fake Microsoft Security Patch Emails

Emails claim to carry Microsoft security patches as attached files. Others direct recipients to a website to download an MS security update (Full commentary below.)

False, the attached files and downloads are computer viruses.

(Submitted February, 2005)
From: "Microsoft" [email protected]

Subject: Use this patch immediately !

Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!

Attachment: patch.exe

(Submitted June, 2005)

Arrives as an HTML email complete with official looking Microsoft logos (See screenshot below):
Email subject Line:
microsoft security update

Mail body:
MS Partner

this is the latest version of security update, the "June 2005, Cumulative Patch" update which fixes all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to help maintain the security of your computer from these vulnerabilities. This update includes the functionality of all previously released patches.

System requirements
Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later

Customers should install the patch at the earliest opportunity.

How to install
Run attached file. Choose Yes on displayed dialog box.

How to use
You don't need to do anything after installing this item.

Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us.

Thank you for using Microsoft products.

Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies. The names of the actual companies and products mentioned herein are the trademarks of their respective owners.

Screenshot of HTML email:
MS Patch Virus Email

It is not uncommon for viruses to arrive disguised as official Microsoft Security patches. The examples shown above claim to carry security updates for Internet Explorer. In reality, the attachments carry viruses.

The highly destructive Swen virus, the Dumura worm and others use this ruse to trick people into installing the viruses on their computers.

Some of these fake security upgrade emails direct the recipient to a website where they may be tricked into downloading a virus.

If you receive any email that claims to carry a Microsoft patch or security upgrade or asks you to visit a website to download a patch, treat it with extreme caution. Microsoft does not send security patches via email.

An article about these bogus emails on the Microsoft TechNet website states that:

Authentic security bulletin mailers never provide the patch itself or a link to the patch; instead, they refer the reader to the complete version of the bulletin on our web site, which provides a link to the patch.

For more information about how to identify fake MS Security emails, see:
Information on Bogus Microsoft Security Bulletin E-mails

Write-up by Brett M.Christensen