
If you've recently received an email with an attachment or link, asking you to install a patch or an update from Microsoft, please beware as this is in all probability a hoax and could transfer control of your computer to some unknown entity anywhere in the world.



Recently, we received samples of emails which prompted users to install patches for Windows, via fake Security Bulletins. The patches were either linked from the email or attached to the mail itself. Symantec products detect the linked file as Trojan.Dropper.



Patch-1sm.JPG






In this case, the installer distributed via this spam message did indeed include an original Windows patch distributed publicly by Microsoft. However, that wasn't the only file in the archive. If one ran the executable, another piece of malware was installed on the host computer in addition to the digitally signed patch. We detect this file as Downloader. It in turn downloads and installs a Browser Helper Object (BHO) for Internet Explorer. This BHO is loaded whenever one runs Internet Explorer, and it makes contact with third-party hosts. A simple lookup of this site on your favorite search engine shows that this site name has been used by malicious applications several times in the recent past. Symantec is working to get this site shut down.
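One way to review which BHOs Internet Explorer will load on a machine, as an added PowerShell example that is not part of the original post: it reads the standard BHO registration keys and reports the Authenticode status of each registered DLL. The function name Get-BhoInventory and the 'NoFile' status label are hypothetical.

```powershell
# Added example (not from the original post). Get-BhoInventory is a hypothetical name.
# Lists every registered Internet Explorer BHO with the DLL it loads and that
# DLL's Authenticode status. Run from a 64-bit PowerShell prompt on 64-bit Windows.
function Get-BhoInventory {
    $bhoKey = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    # Native view first, then the 32-bit view used by 32-bit IE on 64-bit Windows.
    $views = @(
        @{ Bho = "HKLM:\SOFTWARE\$bhoKey"
           Clsid = 'Registry::HKEY_CLASSES_ROOT\CLSID' },
        @{ Bho = "HKLM:\SOFTWARE\WOW6432Node\$bhoKey"
           Clsid = 'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID' }
    )
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($entry in Get-ChildItem -LiteralPath $view.Bho) {
            # Each subkey name is the CLSID of one registered BHO.
            $clsid  = $entry.PSChildName
            $server = "$($view.Clsid)\$clsid\InprocServer32"
            $dll    = $null
            if (Test-Path -LiteralPath $server) {
                # The unnamed (default) value of InprocServer32 is the DLL path.
                $raw = (Get-Item -LiteralPath $server).GetValue('')
                if ($raw) {
                    $dll = [Environment]::ExpandEnvironmentVariables("$raw").Trim('"')
                }
            }
            $sig = $null
            if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
                $sig = Get-AuthenticodeSignature -LiteralPath $dll
            }
            [pscustomobject]@{
                Clsid  = $clsid
                Dll    = $dll
                Status = if ($sig) { "$($sig.Status)" } else { 'NoFile' }
                Signer = if ($sig -and $sig.SignerCertificate) {
                             $sig.SignerCertificate.Subject
                         } else { $null }
            }
        }
    }
}

# Entries whose signature is not 'Valid' sort first, since they deserve the first look.
Get-BhoInventory | Sort-Object { $_.Status -eq 'Valid' } | Format-Table -AutoSize -Wrap
```

A Valid status only means the DLL is signed and unmodified, so still check that the signer is a vendor you expect; as this case shows, a genuinely signed Microsoft file can sit alongside a malicious one.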



Several suspicious-looking items in this spam message could give away the fact that it is a hoax. For example, in the picture above, the spammed Security Bulletin mentions MS06-602. This bulletin doesn't exist.



We urge users to refrain from opening files or clicking links in emails from unknown sources. We recommend that all users keep their computers up to date with the latest patches for all installed software. In doing so, it's important that users always download these patches from the original software vendor sites, by visiting the sites themselves rather than following links in emails or on third-party Web pages.

