Microsoft spam email scam puts users at risk from Trojan
Hoax Microsoft email encourages users to download fake security update.


End users have been warned about a new email scam hitting their inboxes, which claims to contain a security update sent from the Microsoft Digital Crimes Unit, but is in fact Trojan-infected spam.
The text of the email claims that "due to a new security vulnerability which is exploited by hackers to steal your online details, Microsoft Digital Crimes Unit in 2013 has hereby developed a new security measure.
"Please download the Microsoft_SFT' file attached, extract the file on to your desktop and open. Once done you will be updated on Microsoft security database."
The email goes on to stress those who do not follow these instructions will be putting their personal or business email accounts at risk from attack by cybercriminals.
However, cyber-security firm Sophos said the supposed patch file attached to the email is actually a Troj/Agent-AANA Trojan.
Marcin Kleczynski, CEO of security vendor Malwarebytes, told IT Pro: "Cybercriminals are always looking to trade off the reputation of big organisations such as Microsoft, the FBI and other trusted brands to achieve malicious ends.
"People must be wary of such unsolicited approaches and resist the urge to succumb to the knee-jerk reaction to click a link or download a piece of software.
"In addition, all the usual rules apply, such as making sure all software is up-to-date and your anti-malware solution is running the latest definitions," he said.
Michala Wardell, head of anti-piracy at Microsoft UK, echoed Kleczynski's points, saying: "Cybercriminals often use the names of well-known companies, like ours, in their scams. We do not send unsolicited email messages or make unsolicited phone calls to users to request personal or financial information or fix their computer.
"If users receive an unsolicited email message or phone call that purports to be from Microsoft and requests that they send personal information or click links, delete the message or hang up the phone."

Jane McCallion is Managing Editor of ITPro and ChannelPro, specializing in data centers, enterprise IT infrastructure, and cybersecurity. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.
Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.