Hackers hijack Patch Tuesday

Surreptitious hackers are using Microsoft's monthly update of security fixes to spread malware.

On the second Tuesday of each month, Microsoft issues security and performance fixes for its products, leading to the day becoming known as 'Patch Tuesday'.

But this month surfers have reported receiving 'spoofed' emails claiming to be from Microsoft security assurance director Steve Lipner.

The email includes an attachment with an .exe extension. It claims to be "an experimental private version of an update for all Microsoft Windows OS users".

Microsoft has a policy to never send out security updates as email attachments.

Recipients are urged to not open the attachment, even though the email claims it will "help protect your computer against security threats and performance problems".

Installing the update releases a Trojan horse which will infect your PC.

The Microsoft security blog carries all the latest details of security updates as well as measures you should take if you receive fraudulent emails.

"If you suspect that an email message is not legitimate, do not click any links in it. Those links might be spoofed so that they appear to send you to a legitimate website when they actually send you to a malicious one," Microsoft warned.

http://blogs.technet.com/msrc