You receive a fraudulent e-mail message that claims that an attached executable is a Microsoft security update

Posted in Microsoft .NET Framework, Microsoft Exchange Server, Microsoft SQL Server | No Comments »

Article ID: 959318 – Last Review: November 5, 2008 – Revision: 1.0

You receive a fraudulent e-mail message that claims that an attached executable is a Microsoft security update

View products that this article applies to.

SYMPTOMS

You may receive a fraudulent spam e-mail message that claims to be a security e-mail message from Microsoft. The message may claim that an attached executable is the latest security update. The e-mail message encourages recipients to run the attached executable so they can be safe.

The message may refer to an article in the Microsoft Knowledge Base. The following is a list of known Knowledge Base article numbers that have been used in these messages. However, the following Knowledge Base article numbers may also be used:

KB199250
KB246586
KB294576
KB519287
KB535548
KB572906
KB585658
KB631829
KB763412
KB871565

In some cases, the message may resemble the following example:

Dear Microsoft Customer,

Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.

Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.

Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.

As your computer is set to receive notifications when new updates are available, you have received this notice.

In order to start the update, please follow the step-by-step instruction:
1. Run the file, that you have received along with this message.
2. Carefully follow all the instructions you see on the screen.

If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.

We apologize for any inconvenience this back order may be causing you.

Back to the top

CAUSE

E-mail messages that claim to be security e-mail messages from Microsoft and that contain an attached executable are never legitimate. Such e-mail messages are bogus, or they are spoofs.

Additionally, the attachments may contain malware, such as Backdoor:Win32/Haxdoor. For more information about Backdoor:Win32/Haxdoor, visit the following Microsoft Malware Protection Center Encyclopedia Web site:

http://www.microsoft.com/security/portal/Entry.aspx?Name=Backdoor:Win32/Haxdoor (http://www.microsoft.com/security/portal/Entry.aspx?Name=Backdoor:Win32/Haxdoor)
Back to the top

RESOLUTION

If you receive an e-mail message that claims to distribute a Microsoft security update, it is a hoax that may contain malware or pointers to malicious Web sites. We recommend that you delete the message. Do not open the attachment.

If you did open the attachment, we recommend that you run the Microsoft Windows Malicious Software Removal Tool to help remove specific prevalent malicious software.For more information about the Windows Malicious Software Removal Tool, click the following article number to view the article in the Microsoft Knowledge Base:

890830  (/Feedback.aspx?kbNumber=890830/ ) The Microsoft Windows Malicious Software Removal Tool helps remove specific prevalent malicious software from computers that are running Windows Vista, Windows Server 2003, Windows XP, or Windows 2000

Additionally, you can run a free PC safety scan. To do this, visit following Microsoft Web site:

http://safety.live.com (http://safety.live.com)
Back to the top

MORE INFORMATION

For more information about this issue, visit the following Microsoft Malware Protection Center Web site:
http://blogs.technet.com/mmpc/archive/2008/10/13/email-scam-targets-microsoft-customers.aspx (http://blogs.technet.com/mmpc/archive/2008/10/13/email-scam-targets-microsoft-customers.aspx)

Microsoft does not distribute security updates by using e-mail attachments. Security notification e-mail messages from Microsoft always encourage you to go the security bulletin for the updates. The security update bulletin contains links that open the following Microsoft Download Center Web site:

http://www.microsoft.com/downloads (http://www.microsoft.com/downloads)

We recommend that you obtain Microsoft security updates by using the links in the bulletins or by using deployment tools such as Microsoft Update, Windows Update, Windows Software Update Services (WSUS), or Systems Center Configuration Manager.

For example, to install updates from Microsoft, visit the following Microsoft Web site:

http://www.update.microsoft.com (http://www.update.microsoft.com)

For more information about attachment spoofing, visit the following Microsoft Technet Web site:

http://blogs.technet.com/msrc/archive/2008/10/13/microsoft-security-e-mail-spoofs-with-malware.aspx (http://blogs.technet.com/msrc/archive/2008/10/13/microsoft-security-e-mail-spoofs-with-malware.aspx)

The Microsoft Security Response Center (MSRC) uses Pretty Good Privacy (PGP) to digitally sign all security notifications. However, PGP is not required to read security notifications, security bulletins, security advisories, or install security updates. To obtain the MSRC public PGP key, visit the following Microsoft Web site:

https://www.microsoft.com/technet/security/bulletin/pgp.mspx (https://www.microsoft.com/technet/security/bulletin/pgp.mspx)

To receive automatic notifications when Microsoft Security Bulletins and Microsoft Security Advisories are issued or revised, subscribe to Microsoft Technical Security Notifications on the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/notify.mspx (http://www.microsoft.com/technet/security/bulletin/notify.mspx)

For more information about how to help protect your personal computer, visit the following Microsoft Web site:

http://www.microsoft.com/protect/default.mspx (http://www.microsoft.com/protect/default.mspx)
Back to the top

APPLIES TO
  • Windows Server 2008 Datacenter without Hyper-V
  • Windows Server 2008 Enterprise without Hyper-V
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 Standard without Hyper-V
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
  • Windows Web Server 2008
  • Windows Vista Service Pack 1, when used with:
    • Windows Vista Business
    • Windows Vista Enterprise
    • Windows Vista Home Basic
    • Windows Vista Home Premium
    • Windows Vista Starter
    • Windows Vista Ultimate
    • Windows Vista Enterprise 64-bit Edition
    • Windows Vista Home Basic 64-bit Edition
    • Windows Vista Home Premium 64-bit Edition
    • Windows Vista Ultimate 64-bit Edition
    • Windows Vista Business 64-bit Edition
  • Microsoft Windows Server 2003 Service Pack 1, when used with:
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 Service Pack 2, when used with:
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows XP Service Pack 2, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
  • Microsoft Windows XP Service Pack 3, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
  • Microsoft Windows 2000 Service Pack 4, when used with:
    • Microsoft Windows 2000 Advanced Server
    • Microsoft Windows 2000 Datacenter Server
    • Microsoft Windows 2000 Professional Edition
    • Microsoft Windows 2000 Server
Back to the top
Keywords: 
kbexpertiseinter kbsecurity KB959318
Back to the top

 

Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
Microsoft Corporation. All rights reserved. Terms of Use | Trademarks

Related Articles or Pages

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

AddThis Social Bookmark Button

Leave a Reply

*
To prove that you're not a bot, enter this code
Anti-Spam Image

Additional Articles From "Microsoft .NET Framework"

«
»