Fake Microsoft security updates circulate

April 9, 2005

M

Fri, 8 Apr 2005 22:15:41 -0500

Do not s in any email that claims to be from Microsoft.

Fake Microsoft security updates circulate

An e-mail campaign designed to lure people to a bogus Microsoft Web

site is making the rounds as part of an attempt to install a Trojan

horse, antivirus company Sophos said Friday.

Attackers are sending out fake e-mails that claim to come from

Microsoft's Windows Update. People who in the

message are steered to a site that looks like Microsoft's security

update site, where they are urged to download fake patches.

But should unsuspecting users download the bogus patches, they will

infect their computers with the Troj/DSNX-05 Trojan horse, according

to Sophos. That, in turn, will let the attackers remotely take control

of the infected PC.

" Microsoft does not issue security warnings this way, " said Graham

Cluley, Sophos senior technology consultant. " They don't send updates

in an HTML format, so don't follow the links in an e-mail. If you want

to see if an update is real, you need to go to the real Microsoft Web

site and check there. "

People, however, are likely to click on the phony Microsoft update

notices, given that they are making the rounds at the same time as

Microsoft is poised to issue its regular monthly security update.

" Next week, Microsoft is going to release their monthly security

patches. So with all the news that is out there about it, some people

may be tempted to click on the (bogus) link, " Cluley said.

Just wait till Jesus gets his hands on you, you little bastard......

Abbie Hoffman

Recommended Posts