Microsoft Security Update Spam in Circulation

DO NOT open any email claiming to be a Security Update from Microsoft. Email users in the Swarthmore community are reporting that email pretending to be from microsoft.com is currently in circulation. The subject of the email claims that it contains information about an important security update. Below is one example of the subject line being reported (other variations may exist):

Important update from Microsoft Windows XP/2003 Professional
Service Pack 2 (KB946026)

The file associated with these emails has been confirmed as malware and initially looks like it could be used for “keylogging” (i.e., keeping track of every key a user presses in order to steal passwords, credit card numbers, etc.) and remotely taking over your PC.

How would I know this Microsoft email isn’t genuine?

misspellings in the email (including Microsoft!)

Microsoft will NEVER email you links to a security update download or an attachment to run

at Swarthmore, Windows PC’s download security updates automatically from a local, ITS managed server

viewing the email in textual format shows that the download URL doesn’t link to microsoft.com

As a reminder, you should never download a file that you weren’t already expecting nor open an email from someone you don’t know.