Posted on 02/07/2005 11:01:51 AM PST by holymoly
Phishers are taking advantage of Microsoft’s new software anti-piracy initiative by launching a wave of phishing e-mails in an attempt to get credit card numbers from Microsoft customers.
The rogue e-mails also allow phishers to install spyware and adware on users’ machines.
Last month Microsoft said it would not allow users in some countries install software updates online unless they could prove that their Microsoft software was legitimate.
Security company Websense said it has received several reports of two new versions of spoofed e-mails that are being used to install spyware/adware onto end-user's machines and steal credit card details.
The first version of the e-mail claims to be from Microsoft's security department and offers the end user a new security tool in order to feel more secure.
The e-mail points to an URL which is hosted in Romania. Once the user accesses this site, a Microsoft Internet Explorer Browser Helper Object (BHO DLL) is then installed on the machine. This BHO is spyware.
The second version is an e-mail which also claims to be from Microsoft and claims that many people are illegally using its services without paying, and therefore Microsoft needs end users to update their credit card information and software serial number details.
The e-mail links to a website which also attempts to install a Browser Helper Object (BHO DLL).
Microsoft does not send unsolicited security e-mails.
I'm not sure.
It seems like their sending them spoof emails, telling them to go to a look-alike website, where they will be told to download the software and install it--i.e. a social engineering exploit.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.