Cisco: Microsoft Does Not Send Updates via Email


The security firm Cisco has identified a malicious French-language spam email campaign that claims to be from Microsoft. The email tells readers that an important security update is available and that it will prevent malicious users from gaining illegal access to the computer.

Apparently, this “update” is attached to the email and is presented as valid for Microsoft Windows 98, Microsoft XP, Microsoft Windows 2000, and Microsoft Windows 7. The email states that Microsoft highly recommends installing the update to safeguard against security risks. The email even claims that, because of the potential for malicious software to be developed, the update had to be delivered via email instead.

In the email, the user is told to click on a link labeled “SECURITY_FIX_0293.exe.” A user who installs the “update” gets malware rather than a security update.

Security experts recommend that users follow some safe practices when dealing with malicious emails. First, users are advised to be cautious of any email they receive in their mailbox. Second, users are urged not to click on such links in emails unless they know that the sender is reliable. Finally, users should know that major software companies like Microsoft do not release updates via email.

Recently, we learned from statistics generated by Microsoft’s new free malware scanning and scrubbing tool, Safety Scanner, that one in every twenty Windows PCs was infected with malware.