In yet another attempt at using social engineering to get naive users to run untrusted programs, a malicious party has released a new virus that mails itself around pretending to come from Microsoft. The attachment is said to be a cumulative security patch for May containing all fixes for Internet Explorer and Outlook. What it really contains is a Trojan horse that allows unfettered remote access to your computer, plus a copy of the Pinfi virus.
E-mail can have its To and From fields forged very easily, so it is wise never to judge the validity of such e-mail based on those fields alone. Microsoft have indicated many times that they DO NOT send security patches via e-mail, so any e-mail purporting to be from Microsoft that has a program attached can be safely discarded.
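The discard rule above, written as a mail filter. This is an added example, not code from the original post. The function names, the extension list, the "quarantine" outcome for other attached programs and the sample messages are all assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions Windows runs directly (constructed, non-exhaustive list).
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs")

def executable_attachments(msg):
    """Filenames of attached programs, judged by name or by file header."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue
        data = part.get_payload(decode=True) or b""
        # "MZ" starts every DOS/Windows executable, so a renamed program still matches.
        if name.lower().endswith(EXEC_EXTS) or data[:2] == b"MZ":
            hits.append(name)
    return hits

def claims_microsoft(msg):
    """What the From header claims; it is sender-supplied and proves nothing."""
    display, addr = parseaddr(str(msg.get("From", "")))
    return "microsoft" in (display + " " + addr).lower()

def verdict(raw):
    msg = email.message_from_bytes(raw, policy=policy.default)
    programs = executable_attachments(msg)
    if programs and claims_microsoft(msg):
        return "discard", programs      # the rule stated in the post
    if programs:
        return "quarantine", programs   # assumption: stricter than the post's rule
    return "deliver", []

def sample(sender, filename, payload):
    """Build a constructed test message; no real mail is used."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", "Cumulative patch"
    m.set_content("Please install the attached update.")
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    fake_pe = b"MZ" + b"\x00" * 62  # constructed header bytes, not a real program
    print(verdict(sample('"Microsoft Security" <support@example.com>', "patch.exe", fake_pe)))
    print(verdict(sample("friend@example.com", "notes.txt", fake_pe)))
    print(verdict(sample("friend@example.com", "notes.txt", b"hello")))
```

The From check is used only to decide what to throw away, never to decide what to trust, which is the point of the paragraph above.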
If you use Windows and you don’t have an up-to-date anti-virus program, then you are asking to be infected eventually. Some viruses do not require that you do anything but visit a web page in Internet Explorer to be infected, so you can’t expect to be protected by diligence alone. (In fact, there have been viruses in the past that required only that you be using Windows and connected to the Internet to infect you. No user action is required at all.) It should be illegal to use Windows and the Internet if you don’t have anti-virus protection on your computer, particularly when there are many good free programs available. You should also check WindowsUpdate via your Start menu on a regular basis (or, if you use XP, ensure you have auto update enabled) to have all the “real” security patches installed as soon as possible after their release. Not using Internet Explorer certainly doesn’t hurt either.