Fake Microsoft Security Update Email Spreads Autorun 'W32/Autorun-BMF' Worm, Sophos

Sophos warns about a fake Microsoft email that actually delivers malicious code masquerading as updates from Microsoft. The email appears to come from Microsoft's security team at "no-reply@microsft.com" and even quotes the real name of a senior member of Microsoft's security team, Steve Lipner, to try to fool you into believing it's genuine. It tells you to "Update your Windows" and comes with an attached file called "KB453396-ENU.zip."

"KB453396-ENU.zip is really a nasty worm dubbed W32/Autorun-BMF that's being offered to unsuspecting users through emails which appear to be coming from Microsoft."

The emails have a subject line of "Update your Windows" and contain the following text:

[Image: Fake Microsoft Security Update email: KB453396-ENU.zip]

Mr Lipner has nothing to do with the emails and Microsoft never distributes security updates via email attachments.
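The two indicators described above, a sender domain one letter off from microsoft.com and a KB-named archive attachment, can be checked mechanically at a mail gateway. The Python below is an added example, not code from Sophos or the original post; the function names, the edit-distance threshold of 2, the extension list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "microsoft.com"
# Assumption: extensions worth flagging; the page itself only mentions a .zip
KB_ATTACHMENT = re.compile(r"^KB\d+.*\.(zip|exe|scr)$", re.IGNORECASE)

# Constructed sample built from the sender, subject and file name in the article
SAMPLE = """\
From: Microsoft Security <no-reply@microsft.com>
Subject: Update your Windows
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

(constructed body text)
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="KB453396-ENU.zip"

(constructed placeholder, no archive content)
--b1--
"""

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(raw):
    """Return the reasons a raw message looks like a fake update email."""
    msg = message_from_string(raw)
    reasons = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Distance 0 is the genuine domain; 1-2 edits is a likely lookalike
    if 0 < edit_distance(domain, TRUSTED_DOMAIN) <= 2:
        reasons.append(f"lookalike sender domain: {domain}")
    for part in msg.walk():
        name = part.get_filename()
        if name and KB_ATTACHMENT.match(name):
            reasons.append(f"update-style attachment: {name}")
    return reasons
```

The From header is trivially forged, so a message that passes the domain check is not thereby trustworthy; the attachment rule still applies because Microsoft does not send updates as attachments.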
