Microsoft is warning subscribers to its security alert updates, and everyone else, about bogus emails that claim to be from Microsoft. Some of these email alerts are designed to trick the recipient into downloading software that may contain malware or a virus. On its web site, Microsoft states:
Microsoft sends e-mail messages to subscribers of our security communications when we release information about a security software update or security incident. Unfortunately, malicious individuals can and have sent fake security communications that appear to be from Microsoft.
This tactic is known as spoofing.
Some of these messages lure recipients to Web sites to download spyware or other unwanted software. Others include a file attachment that contains a virus.
Microsoft has also provided guidance for cases where you suspect that an email is bogus:
If you suspect that an e-mail message is not legitimate, do not click any links in it. Those links might be spoofed so that they appear to send you to a legitimate Web site when they actually send you to a malicious one.
Instead of clicking any links in the notification, type or cut and paste the text of the link from the e-mail message to the address bar in your browser.
Note that there are ways to display a fake URL in the address bar of your browser. So even though it might appear you are on a legitimate Web site, you might be on a malicious one. To help limit this risk, begin on a Web site’s home page and try to navigate to the information you’re looking for.
Additional information concerning this problem can be found here.