Fake Microsoft Security Update

Malicious Emails being sent from the Pushdo botnet are pretending to be Microsoft Windows updates. The emails appear to come from customerservice@microsoft.com and contain an attachment named KBXXXXXX.exe, where X is a random number. This is a similar naming convention to many legitimate Microsoft updates.

To add to the legitimacy of the email the message contains a PGP signature at the end.

The attachment is detected as the Goldun or Haxdoor spy bots by many antivirus programs.

MailMarshal customers are protected from these emails with the current SpamCensor version 274.