A virus posing as a security patch from Microsoft Corp. is circulating on the Internet, Microsoft has confirmed.
The virus is being distributed in a hoax e-mail that advertises a patch for a series of vulnerabilities in Microsoft’s Internet Explorer Web browser and Outlook software. The authentic patch for those flaws was actually released in February. Microsoft said that it has not updated the patch and that the e-mail is in fact fraudulent.
The e-mail uses a Microsoft address and has the subject line “Internet Security Update.” It tells users to immediately run an attached “.exe” file with the name q216309.exe, which a Microsoft spokesperson confirmed was a virus.
A similar hoax e-mail was distributed in March carrying the W32.Gibe@mm worm, which installed a backdoor Trojan if opened that allowed remote access to a users computer.
The company first saw the e-mail early Monday after being alerted by IDG News Service and could not comment on how widely it may have been distributed. Microsoft is urging users to not run the attachment and referred users to information on its Web site about other hoax e-mails, online at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/hoaxes.asp.