Along with the vulnerabilities that Microsoft patched Tuesday, the software giant's customers have a new problem to grapple with: a fake notification e-mail that looks remarkably legitimate.

Attackers are apparently taking advantage of Microsoft's Patch Tuesday to send legitimate-looking e-mails that include a Trojan virus. Trojan.Backdoor.Haxdoor allows attackers to execute files and steal information from compromised computers. The fake mailing includes a legitimate-looking PGP signature, as well as purporting to come from a real Microsoft employee.

Christopher Budd, a security program manager in the Microsoft Security Response Center, offers this perspective on the e-mails in a security posting:

Posted by Justin Payton in Adware, Spyware and Trojans at 15:52

Q. Recently my computer was attacked by a program named Antivirus XP 2008 that, while claiming to protect your computer, is actually a virus itself.

It pops a big red warning block on the screen and asks the user to continue. Pressing continue brings up another screen asking for your Visa number so you can be billed $39.95 to get rid of the threat it has identified. Well, you'd have to be crazy to give them a credit card number.

I was unable to get rid of this attack software. Finally I had to reformat the hard disk, reload the operating system and begin anew. This malware is really bad news. If it should happen again, is there any way to get rid of it other than start all over?

-S.S., Swift Creek, N.C.

A. Antivirus XP 2008 is part of a growing threat category called "misleading applications," "rogue programs" or "scareware." These programs make false or exaggerated claims about the security of your system and request or demand payment to solve them.

Rogue programs can be found all over the Web, but they're more common on sites offering adult or pirated content, blogs and forums. Sometimes you can be infected just by visiting the site; other times, you may be tricked into downloading the program by bogus pop-up ads that look like Windows system warnings.

The problem is so pervasive that last week, Microsoft and the Washington state attorney general filed suit against two companies that use fake warnings to sell their Registry Cleaner XP software. They promised to pursue others, as well.

Posted by Justin Payton in Adware, Spyware and Trojans at 09:19