Malicious Microsoft E-mail Scam In The Wild

Websense Security Labs (TM) has issued an alert regarding an email that is making the rounds purporting to be a security bulletin and download from Microsoft. It should always be remembered, that Microsoft never releases a security patch via email.

According to Websense, users will receive an email message which urges the immediate installation of a cumulative security patch for the "plug and play" vulnerability. Upon visiting the site and running the code the user is infected with a password stealing Trojan Horse. The email heading appears as follows:

Microsoft Security Bulletin MS05-039
Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)

For more details including a screenshot of the email visit Websense Security Labs(TM)