Personal PC Pro BlogFake e-mails to patch Outlook lead to malware
All Windows users need to be aware that Microsoft never links to downloads in its e-mail messages, but always requires a visit to a security bulletin landing page to download a patch.
If you receive an e-mail containing a link promising to upgrade Microsoft Outlook or Outlook Express, you should simply delete the message to avoid being nailed by a Trojan horse.
These fake Outlook patch alerts have affected PC users worldwide. As the Sophos blog explains, if you follow the instructions in the bogus message, it results in your running nasty hacker code.
Actual security bulletin notices from Microsoft are quite dull. They never include direct links to the downloadable patch. Instead, they require you to go to a bulletin landing page. Most importantly, they're always signed with a PGP signature. (See Figure 1.)
Figure 1. Microsoft's security-bulletin e-mails are always identified as PGP SIGNED.
When in doubt, always download patches directly from the Microsoft Update site. Even considering the recent problems with update notifications that don't always appear in Windows as expected — see this week's Top Story for details — you should always download updates for Windows and other Microsoft software only from Microsoft servers.
Source: Windows Secrets
If you receive an e-mail containing a link promising to upgrade Microsoft Outlook or Outlook Express, you should simply delete the message to avoid being nailed by a Trojan horse.
These fake Outlook patch alerts have affected PC users worldwide. As the Sophos blog explains, if you follow the instructions in the bogus message, it results in your running nasty hacker code.
Actual security bulletin notices from Microsoft are quite dull. They never include direct links to the downloadable patch. Instead, they require you to go to a bulletin landing page. Most importantly, they're always signed with a PGP signature. (See Figure 1.)
Figure 1. Microsoft's security-bulletin e-mails are always identified as PGP SIGNED.
When in doubt, always download patches directly from the Microsoft Update site. Even considering the recent problems with update notifications that don't always appear in Windows as expected — see this week's Top Story for details — you should always download updates for Windows and other Microsoft software only from Microsoft servers.
Source: Windows Secrets
Labels: tips and tricks
posted by personalpcpro at
9:42 PM
Links to this post:
Create a Link
<< Home