All the latest UK technology news, reviews and analysis
|
|
|
31 May 2006
Spammers have launched a campaign of bogus emails claiming to be security alerts from Microsoft, but which actually distribute malicious keylogger software.
The spammed emails, which purport to come from 'patch@microsoft.com', claim that a vulnerability has been found "in the Microsoft WinLogon Service" and could "allow a hacker to gain access to an unpatched computer".
Recipients are urged to click on a link in the email to download the patch. However, the link points to a non-Microsoft website and initiates the download of the BeastPWS-C Trojan, which is capable of spying on the infected user and stealing passwords.
When first installed the Trojan displays a bogus message which reads: " Microsoft WinLogon Service successfully patched." But the malware is secretly logging keystrokes and sending them to an email address belonging to the hacker.
"People are slowly learning that Microsoft does not email out security fixes as attachments, but they must also learn to be careful of blindly clicking on links to download fixes without checking that the email is legitimate," said Graham Cluley, senior technology consultant at Sophos.
"In this case, the hackers made a mistake by referring to 'Microsoft Coorp' rather than 'Microsoft Corp', but it is possible that users would miss this typo in their rush to protect themselves."
Cluley urged users to visit Microsoft's security website for information about patches.
"The hackers are playing a dangerous game because, if Microsoft finds out who is responsible for besmirching its name, it is more than likely to throw the full force of the law at them," said Cluley.
"Security is becoming a hot topic for Microsoft, and it does not want malware and spam to sully its public image through this kind of criminal activity."
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Support Analyst x 1/2 Skills: Apple Mac OSX, Windows...
Network Consultant - London - 55-65k My client are...
A leading global provider of critical information to...
Playstations and table football in the kitchen? Standard...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
For David Roberts
Hi, you can safely ignore the email. To see real MS patches see their security website Or just set Windows Updates to install automatically and forget about it. BTW, Microsoft's next scheduled patch release is 13/6. Hope this helps.
Posted by: Mark 31 May 2006
Bogus Microsoft emails
I have received an email today allegedly from "Microsoft Corporation Security Division" to "Partner" which states Microsoft Partner this is the latest version of security update, the "May 2006, Cumulative Patch" update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to help protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run executable on your computer. This update includes the functionality of all previously released patches. i presumed this was something nasty and deleted it. Would appreciate comment
Posted by: David Roberts 31 May 2006