A new version of an old virus fraud is circulating with a spoofed Microsoft address:
Subject: Critical security patch released!
From: Microsoft Corp. <firstname.lastname@example.org>
What’s clever and also amusing about this is it pretends to address a recent Microsoft update that addresses a different kind of spoofing:
Microsoft Security Advisory (2524375)
Fraudulent Digital Certificates Could Allow Spoofing
Here’s the full text of the virus that’s distributed via spam:
In a recent security bulletin , Microsoft has been informed that a flaw exists in the Microsoft Outlook products ( all versions ) and Microsoft Exchange Server products ( all version ) that could allow an attacker to compromise a successfully exploited computer.
The vulnerability is still 0-day meaning it cannot be patched if a computer has already been compromised, however Microsoft has released an emergency patch to reduce the potential successful atacks and fix this issue.
By applying this patch you will have the guarantee that your computer will not be affected by such an attack.
The most recent report shows a number of 513738 computers infected worldwide.
You are receiving this message because you have purchased a Genuine Microsoft Windows License.
The patch can be downloaded from the link below :
File Name: MSOUTRC2011Update-KB893092.exe
Date Published: 5/16/2011
Download Size: 183 KB
Estimated Download Time: 3 sec
1. Click the link above to start the download
2. Save the patch anywhere on your computer.If you want to start the installation immediately click Run in the download box, after clicking the link.
3. After you run it, the update will unpacking the security packages and apply them in background , not interfering with the tasks already running.
The original advisory of this vulnerability can be viewed by visiting the following URL :
What is exceptionally clever about this latest threat is that the links displayed above ARE the legitimate links for Microsoft’s site and are the actual documents and downloads for the stated issue.
However, within the actual spam email, while the message displays these links for the human reader, the HTML code actually redirects your browser to hijacked websites and uses these outside sites for the purpose of spreading the virus payload.
OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.
Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."
OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.