Fake Microsoft security update carries Autorun worm
An e-mail supposedly coming from Microsoft and urging the recipients to update their Windows has started making rounds yesterday:
There are a lot of people out there who will immediately recognize this message for what it is, since Microsoft isn’t in the habit of sending critical security patches via e-mail.
But, there are also those who don’t remember such things, and might be fooled by the timing (Tuesday is the usual weekday when Microsoft issues security patches) or by the signature (the real Steve Lipner is actually a senior member of Microsoft’s security team).
On the other hand, the senders have made various mistakes. As per usual with similar e-mails, spelling mistakes are a giveaway, but in this case, the forged header (no-reply@microsft.com) is an even greater one. Let’s count ourselves lucky that these scammers are rarely very thorough and detail-oriented.
Sophos detects the attached KB453396-ENU.exe file as an Autorun worm.