Spam email hides 'fake Microsoft update' Trojan

A spam email that takes users to a fake Microsoft Windows update website and then infects their machine is spreading fast, according to anti-virus experts.

The email contains a link to a site purporting to be a Windows update page and then exploits a recent vulnerability in Internet Explorer to infect the user with a Trojan.

The fake URL is designed to fool people into clicking on it and is almost identical to the genuine Microsoft one apart from a hyphen.

Microsoft issued a patch it described as "critical" earlier this month. They included a buffer-overrun flaw that allows an attacker to run malicious code on a victim’s system and a problem that failed to stop a file-download dialogue box.

Jack Clark, product manager at McAfee, said his company had seen some activity around the email and warned users to get their patches up-to-date.

"Once again it is time to not only patch your anti-virus but your applications," he said.

Anti-virus company MessageLabs said it is currently detecting and stopping one of the rogue emails every minute.

Alex Shipp, senior anti-virus technologist at MessageLabs, said: "The attacker is obviously sending lots out and it's still ongoing. It is the typical activity of someone sending mass spam Trojans."

Shipp said although there are new components to the Trojan that would be downloaded onto a victim's PC, anti-virus software should detect and stop older code that allows it to run.

"As long as your anti-virus is up-to-date, even though you are going to miss the first two things because they are new, the things it ultimately downloads should be caught."