We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,678 News Articles

Warning over fake Windows security alert

'Microsoft email' includes Trojan Horse

Microsoft has warned that scammers are sending out fake emails that claim to include critical Windows security alerts.

The fake alerts describe themselves as part of a new "experimental private version of an update for all Microsoft Windows OS users", Microsoft said in a note on the scam.

The emails then instruct the victim to download an attachment, which is actually a malicious Trojan Horse program known as Win32/Haxdoor. This software records sensitive information such as passwords and credit card numbers and sends this data back to the attackers who are running the scam.

The malware is well-known, however, and is detected by antivirus programs as well as Microsoft's free Microsoft Malicious Software Removal Tool (MSRT).

Microsoft is set to deliver 11 genuine security fixes today. These updates include critical security fixes for Windows Active Directory, Internet Explorer, Excel and the Microsoft Host Integration Server.

But they will be delivered via Microsoft's standard automated update tools. Major software vendors such as Microsoft do not distribute security patches via email.

"As a matter of company policy, Microsoft will never send you an executable attachment," wrote Microsoft spokesman Christopher Budd in a blog posting on the scam. "If you get an email that claims to be a security notification with an attachment, delete it. It is always a spoof."

Microsoft does, however, send out security notification emails to customers who have asked to be told whenever patches are released or updated. These emails are in plain text and never contain any sort of attachment, Budd said.

Users who have doubts about any security notification email they've received can go to Microsoft's TechNet security Web site, which contains the same information as its e-mail notifications.

See all Microsoft news


IDG UK Sites

Top 5 Android tips and tricks for smartphones and tablets

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

BBC using Glasgow 2014 Commonwealth Games to trial 4K/UHD, pan-around video, augmented video and...