We've seen some copies of a fake Microsoft security bulletin. This bulletin is being spammed via email and it tries to con users into downloading a new Microsoft security update.

Real bulletins don't link directly to downloadable binaries; instead they link to a download site located at www.microsoft.com.

Here's what the fake bulletin looks like:



The link in the fake bulletin points to a hacked server located in ThePlanet's IP address space. The account in question already has it's bandwidth limit exceeded. Which is probably a bad sign.

As a sidenote, at the moment (June 2005), no update with the code MS05-39 exists. The last real security update from Microsoft is MS05-34.

This is not the first time virus writers are sending out fake MS bulleting. The Swen email worm did this already in 2003.