Users of Microsoft software products such as Windows and Office were warned this week against a new malware attack that disguises itself as a Microsoft Services Agreement.
Security vendor Sophos warned that the new malware attack may fool users because it uses Microsoft's new logo.
"Of course, the emails were not sent by Microsoft at all. Cybercriminals have forged the email header to trick unsuspecting users into believing the communication is legitimate, and click on the attached file," it said in a blog post.
The clue that should alert users is the attachment's full name: Microsoft-Services-Agreement.pdf.exe, with the .exe suffix indicating it is an executable file.
But to many users, especially those who have not set Windows to display file extensions, the attachment may appear to be a PDF file.
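As an added example (not from the article or from Sophos), the Python sketch below shows how a mail filter could flag attachment names like the one described above and report the name a user sees when Windows hides known extensions. The extension lists and the sample message are assumptions constructed for this illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Assumed lists for this example; extend them to match local mail policy.
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}

def check_name(filename):
    """Return (verdict, name shown when Windows hides known extensions)."""
    # Windows drops trailing dots and spaces, so normalise them away first.
    name = PureWindowsPath(filename.strip().rstrip(". ")).name
    suffixes = [s.lower() for s in PureWindowsPath(name).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE:
        return "ok", name
    shown = name[: -len(suffixes[-1])]  # what Explorer displays by default
    if len(suffixes) >= 2 and suffixes[-2] in DECOY:
        return "double-extension", shown
    return "executable", shown

def scan_message(raw):
    """Return (filename, verdict, displayed name) for each risky attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename()
        if filename:
            verdict, shown = check_name(filename)
            if verdict != "ok":
                findings.append((filename, verdict, shown))
    return findings

def sample_message():
    """Constructed sample: forged-looking sender, one decoy, one real PDF."""
    msg = EmailMessage()
    msg["From"] = "Microsoft <no-reply@example.invalid>"
    msg["Subject"] = "Constructed sample message"
    msg.set_content("Please review the attached agreement.")
    msg.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                       filename="Microsoft-Services-Agreement.pdf.exe")
    msg.add_attachment(b"%PDF-", maintype="application", subtype="pdf",
                       filename="terms.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, verdict, shown in scan_message(sample_message()):
        print(f"{verdict}: {filename!r} is displayed as {shown!r}")
```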
"(S)ure enough, it is an EXE file. And it will embed itself as a backdoor Trojan horse in your Registry to automatically run on startup," Sophos said.
Sophos said the attachment could otherwise fool users because of its use of Microsoft's new logo and a professional-looking font.
"So, don't be fooled by fancy fonts, trustworthy names and bland corporate-style emails like the above. Not all malware threats are spammed out posing as scandalous videos of Olympic gymnasts or a pigtail-wearing young woman who claims she went to school with you," it said. — TJD, GMA News


