Fake Windows Critical Patch e-mail messages...
June 28, 2012 - "... detected significant activity related to spam e-mail messages that claim to contain a critical Windows patch for the recipient. The text in the e-mail message attempts to convince the recipient to follow a link and download the patch. However, the link directs the user to an .exe file that, when executed, attempts to infect the system with malicious code... The update.exe file has a file size of 610,304 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xC420F57B55571DB9E3DE0BD4198CA6AA
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Windows Critical Update.
We Have released an emergency Windows update today after revealing that one of our trusted digital signatures was being abused to certify the validity of the Flame malware that has infected computers in Worlwide. Since the virus is highly targeted and can not be caught by most antivirus programs, the "vast majority of customers are at risk. Windows users are urged to install the new KB2718708 patch Immediately.
Click here to Download The Patch
"Microsoft does -not- send unsolicited communication about security updates... Some messages lure recipients to websites to download spyware or other malicious software. Others include a file attachment that contains a virus. Delete the message. Do -not- open the attachment."