Email spoofing basically is when someone forges the header information making the email appear to have originated from somewhere other than the real source.
One such spoof is doing the rounds falsely claiming to be from Steve Lipner at Microsoft urging recipients to install an attached update.
The email is not from Microsoft, the malicious attachment contains Backdoor:Win32/Haxdoor, and of course you should not open it.
The Microsoft Security Response Center (MSRC)
First and foremost, we never, ever, ever send attachments with our security notification e-mails. And, as a matter of company policy, Microsoft will never send you an executable attachment. If you get an e-mail that claims to be a security notification with an attachment, delete it. It is always a spoof. You can think of our security notification e-mails as a notification for you to go the security bulletin to get the updates from the link in the bulletin to the Microsoft Download Center http://www.microsoft.com/downloads. You should always get our security updates from the links in the bulletins or through our deployment tools such as Microsoft Update or Windows Update, Windows Software Update Services (WSUS) or Systems Center Configuration Manager.
{ 0 comments… add one now }