Fake Microsoft security update spreads Autorun worm

Fake Microsoft security update spreads Autorun worm

Masked manHave you received an email seemingly from Microsoft’s security team telling you to “Update your Windows”? Have you been sent a file called KB453396-ENU.zip and told to run it on your Windows computer?

Well, think twice before following the instructions.

Cybercriminals are up to their old tricks, spreading malware under the disguise of a critical security patch from Microsoft.

In the current example, they’ve spammed out an email containing a worm, which even quotes the real name of a senior member of Microsoft’s security team – Steve Lipner – to try to fool you into believing it is genuine.

The emails have a subject line of “Update your Windows” and contain the following text:

Fake Microsoft security update email

Of course, Mr Lipner has nothing to do with the emails and Microsoft never distributes security updates via email attachments. Nevertheless, there have been a series of attacks that have abused his name in the past.

With so much effort being taken by the cybercriminals to hoodwink unsuspecting computer users, though, you would have thought they would have not made an elementary mistake in their forged email header. The messages we’ve seen claim to come from no-reply@microsft.com

That’s right. “microsft”.

SophosLabs had added detection of the malware as W32/Autorun-BMF, and in addition the ZIP file is detected as Mal/BredoZp-B.