Microsoft Security Bulletin Email



There is a trojan making the rounds that is acquired by clicking on links in an email. That’s not necessarily new, however…. this email represents itself as an authentic-looking Microsoft security bulletin and the links are supposedly to updates (sorted by Windows version.) It’s important to point out that Microsoft does not send registered users security notices in this manner and if you are concerned about security updates you should either enable automatic updates or visit http://windowsupdate.microsoft.com


The trojan installer looks reasonably authentic (“Welcome to microsoft Security Update Installation”) (they don’t use that exact verbage, but an uninitiated user wouldn’t likely now.) It has a legit looking EULA and a reboot notice at the end. The trojan itself is not yet detected by several scanners…. (AVG, Avast, McAfee, Norman, NOD32v2, TheHacker) It is detected by clamav as Trojan.Spy.W32.Luhn and Symantec as Trojan.dropper.

Luhn seems to be a popular name component from several AV vendors (this according to Sunbelt’s passing the bug through virustotal.)

So, be careful what emails you trust to click links on.

   Send article as PDF   

Similar Posts