Article ID: 959318

Symptoms

You may receive a fraudulent spam e-mail message that claims to be a security e-mail message from Microsoft. The message may claim that an attached executable is the latest security update. The e-mail message encourages recipients to run the attached executable "so they can be safe." 

The message may refer to an article in the Microsoft Knowledge Base. The following is a list of known Knowledge Base article numbers that have been used in these messages. However, other Knowledge Base article numbers may also be used:
KB910721
KB199250
KB246586
KB294576
KB519287
KB535548
KB572906
KB585658
KB631829
KB763412
KB871565
In some cases, the message may resemble the following example:
Dear Microsoft Customer,

Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.

Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.

Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.

As your computer is set to receive notifications when new updates are available, you have received this notice.

In order to start the update, please follow the step-by-step instruction:
1. Run the file, that you have received along with this message.
2. Carefully follow all the instructions you see on the screen.

If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.

We apologize for any inconvenience this back order may be causing you.

In some cases, the message may offer a bogus Conficker removal tool, or an “Outlook re-configuration” tool.

Cause

E-mail messages that claim to be security e-mail messages from Microsoft and that contain an attached executable are never legitimate. Such e-mail messages are bogus, or they are spoofs.

Additionally, the attachments may contain malware, such as Backdoor:Win32/Haxdoor. For more information about Backdoor:Win32/Haxdoor, visit the following Microsoft Malware Protection Center Encyclopedia Web site:
http://www.microsoft.com/security/portal/Entry.aspx?Name=Backdoor:Win32/Haxdoor
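
The rule stated above (a message that presents itself as coming from Microsoft and carries an executable attachment is never legitimate) can be expressed as a mail-filter check. The following Python sketch is an added example, not Microsoft code; the extension list, function names, addresses and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs directly (constructed, non-exhaustive list).
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")

def executable_attachments(msg):
    """Return names of attachments that are executables by name or by content."""
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        data = part.get_payload(decode=True) or b""
        # "MZ" is the DOS/PE header magic; it catches renamed executables.
        if name.endswith(EXEC_EXTS) or data[:2] == b"MZ":
            hits.append(name or "<unnamed>")
    return hits

def claims_microsoft(msg):
    """True if the From display name/address or the Subject invokes Microsoft."""
    text = " ".join(str(msg.get(h, "")) for h in ("From", "Subject"))
    return "microsoft" in text.lower()

def is_spoofed_update(raw_bytes):
    """Apply the rule: Microsoft claim + executable attachment = spoof."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    return claims_microsoft(msg) and bool(executable_attachments(msg))

def build_sample(filename, payload,
                 sender="Microsoft Security <update@example.invalid>",
                 subject="Security Update for OS Microsoft Windows"):
    """Build a constructed test message; all values here are made up."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content("Run the file that you have received along with this message.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    samples = [("KB910721.exe", b"MZ\x90\x00"),   # executable by name and content
               ("notes.txt", b"MZ\x90\x00"),      # renamed executable
               ("readme.pdf", b"%PDF-1.4")]       # not an executable
    for fname, body in samples:
        print(fname, is_spoofed_update(build_sample(fname, body)))
```

Executables wrapped in archives are not unpacked by this check, so a gateway rule built on it would also need to inspect archive contents.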

Resolution

If you receive an e-mail message that claims to distribute a Microsoft security update, it is a hoax that may contain malware or pointers to malicious Web sites. We recommend that you delete the message. Do not open the attachment.

If you did open the attachment, we recommend that you run the Microsoft Windows Malicious Software Removal Tool to help remove specific prevalent malicious software. For more information about the Windows Malicious Software Removal Tool, click the following article number to view the article in the Microsoft Knowledge Base:
890830 The Microsoft Windows Malicious Software Removal Tool helps remove specific prevalent malicious software from computers that are running Windows Vista, Windows Server 2003, Windows XP, or Windows 2000
Additionally, you can run a free PC safety scan. To do this, visit the following Microsoft Web site:
http://safety.live.com

More information

For more information about this issue, visit the following Microsoft Malware Protection Center Web site:
http://blogs.technet.com/mmpc/archive/2008/10/13/email-scam-targets-microsoft-customers.aspx
Microsoft does not distribute security updates by using e-mail attachments. Security notification e-mail messages from Microsoft always encourage you to go to the security bulletin for the updates. The security update bulletin contains links that open the following Microsoft Download Center Web site:
http://www.microsoft.com/downloads
We recommend that you obtain Microsoft security updates by using the links in the bulletins or by using deployment tools such as Microsoft Update, Windows Update, Windows Software Update Services (WSUS), or Systems Center Configuration Manager.

For example, to install updates from Microsoft, visit the following Microsoft Web site:
http://www.update.microsoft.com
For more information about attachment spoofing, visit the following Microsoft Technet Web site:
http://blogs.technet.com/msrc/archive/2008/10/13/microsoft-security-e-mail-spoofs-with-malware.aspx
The Microsoft Security Response Center (MSRC) uses Pretty Good Privacy (PGP) to digitally sign all security notifications. However, PGP is not required to read security notifications, security bulletins, security advisories, or install security updates. To obtain the MSRC public PGP key, visit the following Microsoft Web site:
https://www.microsoft.com/technet/security/bulletin/pgp.mspx
To receive automatic notifications when Microsoft Security Bulletins and Microsoft Security Advisories are issued or revised, subscribe to Microsoft Technical Security Notifications on the following Microsoft Web site:
http://technet.microsoft.com/en-us/security/dd252948.aspx
For more information about how to help protect your personal computer, visit the following Microsoft Web site:
http://www.microsoft.com/protect/default.mspx

Properties

Article ID: 959318 - Last Review: January 10, 2013 - Revision: 4.1