Bogus Microsoft Security Update Circulates
The newest e-mails--a sample which TechWeb received--play off the recent news that Microsoft released its May patch, a tactic so common that scams like this appear virtually every month.
"This is the latest version of security update, the 'May 2005, Cumulative Patch' update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express," the official-looking e-mail reads.
Astute recipients will know that Microsoft did release a patch in May, but only for a bug in Windows 2000, not IE or Redmond's e-mail clients.
Users who click on the Download Update link embedded in the e-mail will be infected with the Pinfi virus, and an as-yet-undetermined Trojan horse.
Microsoft has been the butt of so many such hoaxes that it's posted a lengthy document, "How to Tell if a Microsoft Security-Related Message is Genuine," on its Web site. The document includes a screenshot of an earlier edition of the same bogus e-mail.