Hackers are showing their creativity and preying on the anxiety of computer users. In another attempt at social engineering, there are now fake Microsoft security bulletins. The end game is to have the security conscious victim download malware:

“The emails claim to describe a “Cumulative Security Update for Internet Explorer” that fixes a critical security flaw in the browser. It comes with a link entitled “Download this update.”

When users click on this link, they are taken to a server that attempts to install malicious software known as Trojan-Downloader.Win32.Agent.avk.”

Link: Fake Microsoft alerts hit ‘net

Remember, Microsoft does not email executable downloads or direct links to downloads. If there is any difference from the usual security routine for Patch Tuesday, be careful.

Catherine Forsythe

[tags]hackers, security, microsoft, social engineering, security bulletin, email, malware, patch tuesday, spoofing[/tags]