DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 959318 - Last Review: January 10, 2013 - Revision: 4.1

Symptoms

You may receive a fraudulent spam e-mail message that claims to be a security e-mail message from Microsoft. The message may claim that an attached executable is the latest security update. The e-mail message encourages recipients to run the attached executable "so they can be safe." 

The message may refer to an article in the Microsoft Knowledge Base. The following is a list of known Knowledge Base article numbers that have been used in these messages. However, the following Knowledge Base article numbers may also be used:
KB910721
KB199250
KB246586
KB294576
KB519287
KB535548
KB572906
KB585658
KB631829
KB763412
KB871565
In some cases, the message may resemble the following example:
Dear Microsoft Customer,

Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.

Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.

Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.

As your computer is set to receive notifications when new updates are available, you have received this notice.

In order to start the update, please follow the step-by-step instruction:
1. Run the file, that you have received along with this message.
2. Carefully follow all the instructions you see on the screen.

If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.

We apologize for any inconvenience this back order may be causing you.

In some cases, the message may offer a bogus Conficker removal tool, or an “Outlook re-configuration” tool.

Cause

E-mail messages that claim to be security e-mail messages from Microsoft and that contain an attached executable are never legitimate. Such e-mail messages are bogus, or they are spoofs.

Additionally, the attachments may contain malware, such as Backdoor:Win32/Haxdoor. For more information about Backdoor:Win32/Haxdoor, visit the following Microsoft Malware Protection Center Encyclopedia Web site:
http://www.microsoft.com/security/portal/Entry.aspx?Name=Backdoor:Win32/Haxdoor (http://www.microsoft.com/security/portal/Entry.aspx?Name=Backdoor:Win32/Haxdoor)

Resolution

If you receive an e-mail message that claims to distribute a Microsoft security update, it is a hoax that may contain malware or pointers to malicious Web sites. We recommend that you delete the message. Do not open the attachment.

If you did open the attachment, we recommend that you run the Microsoft Windows Malicious Software Removal Tool to help remove specific prevalent malicious software. For more information about the Windows Malicious Software Removal Tool, click the following article number to view the article in the Microsoft Knowledge Base:
890830  (http://support.microsoft.com/kb/890830/ ) The Microsoft Windows Malicious Software Removal Tool helps remove specific prevalent malicious software from computers that are running Windows Vista, Windows Server 2003, Windows XP, or Windows 2000
Additionally, you can run a free PC safety scan. To do this, visit following Microsoft Web site:
http://safety.live.com (http://safety.live.com)

More information

For more information about this issue, visit the following Microsoft Malware Protection Center Web site:
http://blogs.technet.com/mmpc/archive/2008/10/13/email-scam-targets-microsoft-customers.aspx (http://blogs.technet.com/mmpc/archive/2008/10/13/email-scam-targets-microsoft-customers.aspx)
Microsoft does not distribute security updates by using e-mail attachments. Security notification e-mail messages from Microsoft always encourage you to go the security bulletin for the updates. The security update bulletin contains links that open the following Microsoft Download Center Web site:
http://www.microsoft.com/downloads (http://www.microsoft.com/downloads)
We recommend that you obtain Microsoft security updates by using the links in the bulletins or by using deployment tools such as Microsoft Update, Windows Update, Windows Software Update Services (WSUS), or Systems Center Configuration Manager.

For example, to install updates from Microsoft, visit the following Microsoft Web site:
http://www.update.microsoft.com (http://www.update.microsoft.com)
For more information about attachment spoofing, visit the following Microsoft Technet Web site:
http://blogs.technet.com/msrc/archive/2008/10/13/microsoft-security-e-mail-spoofs-with-malware.aspx (http://blogs.technet.com/msrc/archive/2008/10/13/microsoft-security-e-mail-spoofs-with-malware.aspx)
The Microsoft Security Response Center (MSRC) uses Pretty Good Privacy (PGP) to digitally sign all security notifications. However, PGP is not required to read security notifications, security bulletins, security advisories, or install security updates. To obtain the MSRC public PGP key, visit the following Microsoft Web site:
https://www.microsoft.com/technet/security/bulletin/pgp.mspx (https://www.microsoft.com/technet/security/bulletin/pgp.mspx)
To receive automatic notifications when Microsoft Security Bulletins and Microsoft Security Advisories are issued or revised, subscribe to Microsoft Technical Security Notifications on the following Microsoft Web site:
http://technet.microsoft.com/en-us/security/dd252948.aspx (http://technet.microsoft.com/en-us/security/dd252948.aspx)
For more information about how to help protect your personal computer, visit the following Microsoft Web site:
http://www.microsoft.com/protect/default.mspx (http://www.microsoft.com/protect/default.mspx)
If you want to talk with a live person about this issue and you are located in the United States, our Answer Tech trained professionals are ready to help:
Answer Desk (https://answerdesk.support.microsoft.com/default.aspx?mkt=en-us&skuid=4&partnerid=smc&rejoin=0&psrc=ms_smc&entryid=kb_959318_inline&prodcat=virus&productkey=awasaoffervirusremoval)

Applies to
Keywords: 
kbexpertiseinter kbsecurity KB959318
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support