Patch Tuesday is just around the corner, and it is ironic that a piece of malware is using an MS Security Update notification to propagate. SANS Internet Storm posted a report on this malware, which arrives on computers via spammed email messages carrying a link to a supposed patch for certain Windows vulnerabilities. To “dress up” this link, the email message purports to be an MS Security Update advance notification for the June 2007 batch release. Trend Micro detects this Trojan as TROJ_AGENT.JPO.
While it is good practice to always stay up to date with Microsoft patches, users should still be extra vigilant when receiving these kinds of notifications. Note that although Microsoft does send notifications for its security updates, the links in these alerts take users to the MS Security Bulletin pages themselves, and not to some server that directly installs the fixes on a computer. Users are therefore advised to go directly to the Microsoft Updates Web site to check for and download updates for their operating system.
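The distinction drawn above (bulletin pages on Microsoft's own site versus a server that hands out a "patch") can be checked mechanically at a mail gateway or during triage. The following is an added example, not code from Trend Micro or SANS; the trusted domain suffix, the installer extension list and the sample message body are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: links in a genuine notification stay under microsoft.com.
TRUSTED_SUFFIX = "microsoft.com"
# Assumption: file types that install something instead of showing a page.
INSTALLER_EXTS = (".exe", ".msi", ".scr", ".bat", ".cmd")

class LinkCollector(HTMLParser):
    """Collect every href found in <a> tags of an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.links.append(href)

def is_trusted_host(host):
    # Match on a dot boundary so "microsoft.com.updates.example" fails.
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_SUFFIX or host.endswith("." + TRUSTED_SUFFIX)

def review_links(html_body):
    """Return (url, reasons) for each link that fails a check."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for url in collector.links:
        parts = urlsplit(url)
        reasons = []
        if not is_trusted_host(parts.hostname):
            reasons.append("host is not under microsoft.com")
        if parts.path.lower().endswith(INSTALLER_EXTS):
            reasons.append("points at an installer file")
        if reasons:
            findings.append((url, reasons))
    return findings

# Constructed sample body; none of these URLs come from the real spam run.
SAMPLE = """<p>Microsoft Security Bulletin Advance Notification</p>
<a href="http://updates.example/patch/update.exe">Install the update</a>
<a href="https://www.microsoft.com/constructed/bulletin-page">Bulletin</a>
<a href="http://microsoft.com.updates.example/notice">Details</a>"""

if __name__ == "__main__":
    for url, reasons in review_links(SAMPLE):
        print(url, "->", "; ".join(reasons))
```

The check compares the parsed hostname rather than searching the URL text, so a link that merely contains the string "microsoft.com" is still reported.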