With users and administrators around the world scrambling to patch a zero-day flaw in Internet Explorer, cyber criminals have launched a new scam targeting Windows Update.
Security vendor Sophos said that the scammers have constructed spam messages which claim to originate from the [email protected] email address. The messages, which are designed to resemble official alerts from Microsoft, advise users that their systems might be at risk and recommend visiting a supposed "update" page.
Upon clicking the link, however, users are directed to a phishing site which attempts to harvest email addresses for webmail services including Gmail and AOL mail.
"At first glance, if you don't look too carefully, the emails entitled 'Microsoft Windows Update' may appear harmless enough," wrote Sophos senior technology consultant Graham Cluley.
"But the grammatical errors and occasional odd language should raise alarm bells that the emails may not really be from Microsoft."
The phishing attack could prove particularly effective as it arrives amid the rollout of a critical security patch from Microsoft. The out-of-band update, posted by the company on Friday, addresses a high-profile vulnerability in the 32-bit Windows XP versions of Internet Explorer 7 and 8. More recent versions of the browser and operating system are not considered to be vulnerable.
The flaw, which is triggered by way of an infected .swf file, had been exploited by attackers to perform covert malware installations.
While Microsoft has said that the scope of the attacks is "extremely limited," security experts and government agencies have gone so far as to advise users to consider the use of third-party web browsers on unpatched systems.