Microsoft has again warned all Windows users to be on the alert, as scammers are sending out fake emails. The fake email claims to be a security email from Microsoft and describes itself as part of a new “experimental private version of an update for all Microsoft Windows OS users”. It comes with an executable file and encourages users to run this file in order to update their security system. Users who run the file will be infected with a malicious Trojan horse program known as Win32/Haxdoor. Win32/Haxdoor is a family of rootkit-capable backdoor trojans that gather users’ private, confidential and sensitive data and send it to remote attackers.

For instance, it will collect users’ passwords, credit card numbers, bank account numbers, etc., and send this data back to the attackers. Win32/Haxdoor can also disable security-related software and redirect the infected user’s URL connection requests. Depending on the version of the operating system infected, Win32/Haxdoor may perform other malicious actions, such as clearing CMOS settings, destroying disk data, and shutting down Windows unexpectedly.

The risk level for this malware is high. However, users can use most antivirus programs to detect and remove it. Users can also use the free Microsoft Malicious Software Removal Tool (MSRT) to resolve this problem. This free Microsoft tool can check users’ computers for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and help to remove the infection if it is found. The tool is free to download from Microsoft, and the updated version can be downloaded on the second Tuesday of each month.

Microsoft has clarified that its company policy is never to send users an executable attachment. If users receive any email that claims to be a security notification and has executable files attached, they are advised to delete it immediately. Alternatively, users can log in to TechNetSecurity to verify whether the security notice is a fake email.
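
The rule above, that a supposed security notice carrying an executable attachment is fake, can be checked mechanically on a saved message. The following Python code is an added example, not code from Microsoft or from this article; the extension list, the addresses and the sample messages are constructed assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows will run directly (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi"}


def executable_attachments(raw: bytes) -> list[str]:
    """Return the names of attachments that look executable by name or content."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        # Use the last extension so "update.txt.exe" is caught, and the
        # "MZ" header of Windows executables so a renamed binary is caught too.
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in EXECUTABLE_EXTS or payload[:2] == b"MZ":
            hits.append(name)
    return hits


def build_sample(filename: str, data: bytes) -> bytes:
    """Build a constructed test message; sender, recipient and subject are made up."""
    m = EmailMessage()
    m["From"] = "Security Update <security@example.invalid>"
    m["To"] = "user@example.invalid"
    m["Subject"] = "Experimental private version of an update"
    m.set_content("Please run the attached update.")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    samples = [("update.exe", b"MZ\x90\x00"),   # executable by name and content
               ("notes.txt", b"hello"),          # harmless text
               ("patch.dat", b"MZ\x90\x00")]     # executable hidden behind a neutral name
    for fn, data in samples:
        flagged = executable_attachments(build_sample(fn, data))
        print(fn, "-> DELETE" if flagged else "-> no executable attachment")
```

A message that passes this check is not thereby genuine; the check only covers the executable-attachment rule stated above.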