You receive a fraudulent e-mail message that claims that an attached executable is a Microsoft security update

Symptoms

You may receive a fraudulent spam e-mail message that claims to be a security e-mail message from Microsoft. The message may claim that an attached executable is the latest security update. The e-mail message encourages recipients to run the attached executable "so they can be safe." 

The message may refer to an article in the Microsoft Knowledge Base. The following is a list of known Knowledge Base article numbers that have been used in these messages. However, the following Knowledge Base article numbers may also be used:
KB910721
KB199250
KB246586
KB294576
KB519287
KB535548
KB572906
KB585658
KB631829
KB763412
KB871565
In some cases, the message may resemble the following example:


Dear Microsoft Customer,

Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.

Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.

Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.

As your computer is set to receive notifications when new updates are available, you have received this notice.

In order to start the update, please follow the step-by-step instruction:
1. Run the file, that you have received along with this message.
2. Carefully follow all the instructions you see on the screen.

If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.

We apologize for any inconvenience this back order may be causing you.

In some cases, the message may offer a bogus Conficker removal tool, or an “Outlook re-configuration” tool.

Cause

E-mail messages that claim to be security e-mail messages from Microsoft and that contain an attached executable are never legitimate. Such e-mail messages are bogus, or they are spoofs.

Additionally, the attachments may contain malware, such as Backdoor:Win32/Haxdoor. For more information about Backdoor:Win32/Haxdoor, visit the following Microsoft Malware Protection Center Encyclopedia Web site:

Resolution

If you receive an e-mail message that claims to distribute a Microsoft security update, it is a hoax that may contain malware or pointers to malicious Web sites. We recommend that you delete the message. Do not open the attachment.

If you did open the attachment, we recommend that you run the Microsoft Windows Malicious Software Removal Tool to help remove specific prevalent malicious software.


For more information about the Windows Malicious Software Removal Tool, click the following article number to view the article in the Microsoft Knowledge Base:
890830 The Microsoft Windows Malicious Software Removal Tool helps remove specific prevalent malicious software from computers that are running Windows Vista, Windows Server 2003, Windows XP, or Windows 2000
Additionally, you can run a free PC safety scan. To do this, visit following Microsoft Web site:

More Information


For more information about this issue, visit the following Microsoft Malware Protection Center Web site:






Microsoft does not distribute security updates by using e-mail attachments. Security notification e-mail messages from Microsoft always encourage you to go the security bulletin for the updates. The security update bulletin contains links that open the following Microsoft Download Center Web site:




We recommend that you obtain Microsoft security updates by using the links in the bulletins or by using deployment tools such as Microsoft Update, Windows Update, Windows Software Update Services (WSUS), or Systems Center Configuration Manager.



For example, to install updates from Microsoft, visit the following Microsoft Web site:
For more information about attachment spoofing, visit the following Microsoft Technet Web site:

The Microsoft Security Response Center (MSRC) uses Pretty Good Privacy (PGP) to digitally sign all security notifications. However, PGP is not required to read security notifications, security bulletins, security advisories, or install security updates. To obtain the MSRC public PGP key, visit the following Microsoft Web site:

To receive automatic notifications when Microsoft Security Bulletins and Microsoft Security Advisories are issued or revised, subscribe to Microsoft Technical Security Notifications on the following Microsoft Web site:

For more information about how to help protect your personal computer, visit the following Microsoft Web site:

If you want to talk with a live person about this issue and you are located in the United States, our Answer Tech trained professionals are ready to help:
คุณสมบัติ

รหัสบทความ: 959318 - การตรวจสอบครั้งสุดท้าย: 10 ม.ค. 2013 - ฉบับแก้ไข: 1

Windows Server 2008 Datacenter without Hyper-V, Windows Server 2008 Enterprise without Hyper-V, Windows Server 2008 for Itanium-Based Systems, Windows Server 2008 Standard without Hyper-V, Windows Server 2008 Datacenter, Windows Server 2008 Enterprise, Windows Server 2008 Standard, Windows Web Server 2008, Windows Vista Service Pack 1, Windows Vista Business, Windows Vista Business, Windows Vista Enterprise, Windows Vista Enterprise, Windows Vista Home Basic, Windows Vista Home Basic, Windows Vista Home Premium, Windows Vista Home Premium, Windows Vista Starter, Windows Vista Starter, Windows Vista Ultimate, Windows Vista Ultimate, Windows Vista Enterprise 64-bit edition, Windows Vista Enterprise 64-bit edition, Windows Vista Home Basic 64-bit edition, Windows Vista Home Basic 64-bit edition, Windows Vista Home Premium 64-bit edition, Windows Vista Home Premium 64-bit edition, Windows Vista Ultimate 64-bit edition, Windows Vista Ultimate 64-bit edition, Windows Vista Business 64-bit edition, Windows Vista Business 64-bit edition, Windows Vista Business, Windows Vista Business, Windows Vista Enterprise, Windows Vista Enterprise, Windows Vista Home Basic, Windows Vista Home Basic, Windows Vista Home Premium, Windows Vista Home Premium, Windows Vista Starter, Windows Vista Starter, Windows Vista Ultimate, Windows Vista Ultimate, Windows Vista Enterprise 64-bit edition, Windows Vista Enterprise 64-bit edition, Windows Vista Home Basic 64-bit edition, Windows Vista Home Basic 64-bit edition, Windows Vista Home Premium 64-bit edition, Windows Vista Home Premium 64-bit edition, Windows Vista Ultimate 64-bit edition, Windows Vista Ultimate 64-bit edition, Windows Vista Business 64-bit edition, Windows Vista Business 64-bit edition, Microsoft Windows Server 2003 Service Pack 1, Microsoft Windows Server 2003 Standard Edition, Microsoft Windows Server 2003 Standard Edition, Microsoft Windows Server 2003 Enterprise Edition, Microsoft Windows Server 2003 Enterprise Edition, Microsoft Windows Server 2003 Datacenter Edition, Microsoft Windows Server 2003 Datacenter Edition, Microsoft Windows Server 2003 Web Edition, Microsoft Windows Server 2003 Web Edition, Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems, Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems, Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems, Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems, Microsoft Windows Server 2003, Datacenter x64 Edition, Microsoft Windows Server 2003, Datacenter x64 Edition, Microsoft Windows Server 2003, Enterprise x64 Edition, Microsoft Windows Server 2003, Enterprise x64 Edition, Microsoft Windows Server 2003, Standard x64 Edition, Microsoft Windows Server 2003, Standard x64 Edition, Microsoft Windows XP Professional x64 Edition, Microsoft Windows XP Professional x64 Edition, Microsoft Windows Server 2003 Service Pack 2, Microsoft Windows Server 2003 Standard Edition, Microsoft Windows Server 2003 Standard Edition, Microsoft Windows Server 2003 Enterprise Edition, Microsoft Windows Server 2003 Enterprise Edition, Microsoft Windows Server 2003 Datacenter Edition, Microsoft Windows Server 2003 Datacenter Edition, Microsoft Windows Server 2003 Web Edition, Microsoft Windows Server 2003 Web Edition, Microsoft Windows Server 2003, Datacenter x64 Edition, Microsoft Windows Server 2003, Datacenter x64 Edition, Microsoft Windows Server 2003, Enterprise x64 Edition, Microsoft Windows Server 2003, Enterprise x64 Edition, Microsoft Windows Server 2003, Standard x64 Edition, Microsoft Windows Server 2003, Standard x64 Edition, Microsoft Windows XP Professional x64 Edition, Microsoft Windows XP Professional x64 Edition, Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems, Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems, Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems, Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems, Microsoft Windows XP Service Pack 2, Microsoft Windows XP Home Edition, Microsoft Windows XP Home Edition, Microsoft Windows XP Professional Edition, Microsoft Windows XP Professional Edition, Microsoft Windows XP Service Pack 3, Microsoft Windows XP Home Edition, Microsoft Windows XP Home Edition, Microsoft Windows XP Professional Edition, Microsoft Windows XP Professional Edition, Microsoft Windows 2000 Service Pack 4, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Professional Edition, Microsoft Windows 2000 Server

คำติชม