Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

No microsoft patches are available at www.NOT-A-Microsoft-security-site.com

Mar 16, 2004 5:09PM PST

Erik van Straten reported receiving a spoofed email that led to a spoofed Microsoft site that downloaded a trojan with instructions to run it to patch your system. The site name is www.microsoft-security-updates.com is NOT a Microsoft site. This gets redirected to h**p://d558597.u25.surftown.com/mstasks.exe mstasks.exe is identified by Symantec/Norton AntiVirus beta definitions as "Trojan.Etsur".

Repeat after me: Unless you subscribe to their email security notification service, Microsoft's policy is not to send notification of vulnerabilities. They never send patches in email to users.

http://isc.sans.org/diary.html

Discussion is locked