Internet fraudsters are sending out fake Microsoft security releases, resulting in users installing malware on their systems, reported Techworld.
The fake emails are titled ‘Cumulative Security Update for Internet Explorer’ and claim to fix a critical security flaw. When users click on the ‘download this link’ button they are taken to a server that attempts to install Trojan-Downloader.Win32.Agent.avk, which in turn attempts to reach out to other computers on the Internet in order to install more malware.
Lenny Zeltser, information security practice leader at Gemini Systems, argues that while technically aware users would recognise certain fraudulent signs, the schemes only need to convince a small number of people to work. "You wonder, does it really matter that there are these strange discrepancies in the way the fake security alert is written? People who would notice probably would be the kind of people who wouldn’t click on the link."