Cisco Identifies a New False Microsoft Update Spam Campaign

As per the security experts at the security firm Cisco, a new malicious spam e-mail campaign in French has been identified, which claims to be from the key software player Microsoft.

The spam e-mail notifies readers that, the Microsoft Company has lately released a Security Update for Microsoft Windows OS. The e-mail further states that, the security update is to avert malicious users from gaining illegal access to the computer files. The update (in the e-mail) validates to the following OS versions: Microsoft Windows 98, Microsoft XP, Microsoft Windows 2000, and Microsoft Windows 7. The e-mail highlights that, the present update validates to high-priority updates category.

The e-mail further notifies that, to help safeguard the computer against security risks and performance troubles, Microsoft strongly suggest users to immediately download the update. The e-mail emphasizes that, as public distribution of this update via the official website would have led to the competent development of malicious software, they have decided to issue this security update through e-mail.

To install the update, the e-mail receiver is notified to click on a link enclosed within the text of the fake e-mail. The link reads 'SECURITY_FIX_0293.exe.

Cisco further highlighted that, this file is a malicious one, which once installed downloads malware on the users' computers.

Alarmingly, it is spam campaigns of the above mentioned kinds that led Cisco to conclude in their 'Global Threat Report' for the first quarter of 2011, that the number of unique malware types on the web augmented by 46% during January -March 2011. The report identified 105,536 cases of unique web malware during March 2011 compared to January 2011, when there were around 72,294 cases of unique web malware.

Due to the maliciousness related with the spam campaigns of the above mentioned kinds, security experts suggest users to practice easy security tips, such as: first, users are suggested to be wary of unanticipated and unwanted e-mails that they receive in their mail inbox. Further, users are recommended not to click on such links in e-mails (as in the above mentioned instance) unless they are completely convinced that the sender is reliable. Besides, users should keep in mind that software players, such as Microsoft never release updates through e-mails.

Related article: Cisco Finds Two Vulnerabilities and Recommends for Patches

» SPAMfighter News - 5/31/2011