Posted on 04/08/2005 8:38:54 AM PDT by Pendragon_6
An e-mail campaign designed to lure people to a bogus Microsoft Web site is making the rounds as part of an attempt to install a Trojan horse, antivirus company Sophos said Friday.
Attackers are sending out fake e-mails that claim to come from Microsoft's Windows Update. People who click on the link in the message are steered to a site that looks like Microsoft's security update site, where they are urged to download fake patches.
But should unsuspecting users download the bogus patches, they will infect their computers with the Troj/DSNX-05 Trojan horse, according to Sophos. That, in turn, will let the attackers remotely take control of the infected PC.
"Microsoft does not issue security warnings this way," said Graham Cluley, Sophos senior technology consultant. "They don't send updates in an HTML format, so don't follow the links in an e-mail. If you want to see if an update is real, you need to go to the real Microsoft Web site and check there."
People, however, may be likely to click on the phony Microsoft update notices, given that they are making the rounds at the same time as Microsoft is poised to issue its regular monthly security update.
"Next week, Microsoft is going to release their monthly security patches. So with all the news that is out there about it, some people may be tempted to click on the (bogus) link," Cluley said.
Microsoft has posted a notice on its site saying that on Tuesday it will issue some critical patches for Windows, Office, MSN Messenger and Exchange.
Techniques like the Trojan horse e-mails are not new; malicious virus writers have in the past sent e-mails with attachments proclaiming to contain downloadable security updates. The Dumaru worm was one such example, Cluley said.
this type of thing needs to be made illegal by each and every country in the world.
If there weren't so many MS security updates, then stuff like this wouldn't be believable.
I agree. And those caught "spoofing" and "phishing", or any other kind of online vandalism or crime should be severely punished. Though the computer is ubiquitous, it is far from being a trusted tool as long as these malicious acts go unpunished.
It probably is.
But the real problem is that nobody is ever caught. You can threaten with a million years in jail, but it won't do any good.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.