By Susan Bradley
All Windows users need to be aware that Microsoft never links to downloads in its e-mail messages, but always requires a visit to a security bulletin landing page to download a patch.
If you receive an e-mail containing a link promising to upgrade Microsoft Outlook or Outlook Express, you should simply delete the message to avoid being nailed by a Trojan horse.
Many Windows Secrets readers have recently received these fake e-mails. The scams have focused on a supposed upgrade for Outlook and Outlook Express - e-mail clients widely used in businesses.
The reason I'm writing today's short Patch Watch column - which is outside my usual twice-a-month schedule - is that a high number of these e-mails have reached people's inboxes, somehow evading the usual junk-mail filters.
These fake Outlook patch alerts have affected PC users worldwide. I even found a post from a Microsoft forum in China asking about the e-mail's validity. As the Sophos blog explains, following the instructions in the bogus message results in your running nasty hacker code.
Actual security bulletin notices from Microsoft are quite dull. They never include direct links to the downloadable patch. Instead, they require you to go to a bulletin landing page. Most importantly, they're always signed with a PGP signature.
When in doubt, always download patches directly from the Microsoft Update site. Even considering the recent problems with update notifications that don't always appear in Windows as expected - see this week's Top Story for details - you should always download updates for Windows and other Microsoft software only from Microsoft servers.
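The two traits of genuine notices described above (no direct download links, a PGP-signed body) can be turned into a quick mail triage check. This is an added example, not code from the column or from Microsoft; the extension list, the trusted host suffix and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumptions for this sketch: what counts as a "direct download" and a Microsoft host.
DOWNLOAD_EXT = (".exe", ".msi", ".zip", ".scr", ".cab")
TRUSTED_SUFFIX = "microsoft.com"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
PGP_MARKERS = ("-----BEGIN PGP SIGNED MESSAGE-----", "-----BEGIN PGP SIGNATURE-----")

def body_text(msg):
    # Concatenate every text/* part of the message.
    out = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            out.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(out)

def triage(raw_mail):
    # Return the reasons a mail does not look like a genuine bulletin notice.
    text = body_text(message_from_string(raw_mail))
    reasons = []
    for url in URL_RE.findall(text):
        u = urlparse(url.rstrip(".,)"))
        host = (u.hostname or "").lower()
        if u.path.lower().endswith(DOWNLOAD_EXT):
            reasons.append("direct download link: " + u.path)
        # Suffix match on a dot boundary, so microsoft.com.example.invalid fails.
        if host != TRUSTED_SUFFIX and not host.endswith("." + TRUSTED_SUFFIX):
            reasons.append("link to non-Microsoft host: " + host)
    # Armor presence only: the signature still has to verify in a PGP tool.
    if not all(m in text for m in PGP_MARKERS):
        reasons.append("no PGP-signed block")
    return reasons

# Constructed samples (not real messages).
FAKE = """From: updates@example.invalid
Subject: Update for Microsoft Outlook / Outlook Express

Install now: http://update.microsoft.com.example.invalid/outlook/update.exe
"""
GENUINE_STYLE = """From: notices@example.invalid
Subject: Security bulletin notice

-----BEGIN PGP SIGNED MESSAGE-----
Details: http://www.microsoft.com/constructed/bulletin-landing-page
-----BEGIN PGP SIGNATURE-----
(constructed placeholder, not a real signature)
-----END PGP SIGNATURE-----
"""
```

An empty result from `triage` means only that the message has the shape of a genuine notice; the PGP signature must still be verified against the sender's published key.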
Source: LINK