This is not a Real Security Update
Following extremely closely after the notification of the expected patches for June 2007 comes news that malware is already spreading via spam that claims to be a valid Microsoft security update.
Even though this is not the first time that spam has been used to push malware on unsuspecting victims by claiming to be a valid update from Microsoft, the close timing to the advance notification for this month's patches has caught the attention of a number of Information Security groups.
From the various reports available about the spam, it appears that the body of the emails claim to supply patches for a range of vulnerabilities, using varied security update numbers and patch descriptions.
While the spam is relatively well constructed, the most obvious flaw is the release of a MS06 security update in the middle of 2007. For readers who are not aware of how Microsoft label patches and updates, the first four characters of the update are always MSXX, where XX is the current year.
Beyond that obvious flaw, Microsoft will not mass email users to tell them of an update - the built-in update services will already know about them.
10 June 2007
Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.
Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.Comments will soon be available for registered users.