View Full Version : Fake Microsoft update is Trojan horse virus: security firms

Apr 8th, 2005, 10:37 PM
Fake Microsoft update is Trojan horse virus: security firms

1 hour, 16 minutes ago

Add to My Yahoo! Technology - AFP

WASHINGTON (AFP) - A mass e-mail being circulated by hackers purporting to be a Microsoft Windows update alert directs computer users to a fake website where a Trojan virus is installed, security experts said.

AFP/HO/File Photo

The security firm Websense said it began receiving reports this week of the e-mail claiming to be from Microsoft, coincidentally after the software giant announced it was making security updates.

"This e-mail spoofs users into thinking that they must update their Windows software," Websense said.

"Upon clicking on the link, users are forwarded to a fraudulent website. This website is hosted in Australia, and was up at the time of this alert. The website appears very similar to the real Windows Update site."

But when a user attempts to perform the update, a Trojan horse virus is installed that allows hackers access to the infected computers, the company said.

The British-based security firm Sophos also issued a warning about the scheme.

"This criminal campaign exploits the public's rising paranoia about the security of their Windows computers. If users fall for it they may put themselves at risk of being spied upon or having their credit card and online banking details stolen," said Graham Cluley, senior technology consultant for Sophos.

"We have long recommended that computer users keep up-to-date with the latest security patches, as Microsoft vulnerabilities are often exploited by viruses, worms and hackers. But users must be very careful to be sure they are going to the official update websites, rather than just following links in emails which have been sent by hackers."

Apr 8th, 2005, 11:37 PM
hackers are so cool ._.

Apr 9th, 2005, 12:08 AM
what will they do next? :shrug:

Apr 9th, 2005, 03:24 AM
<RANT>i think it just shows why relying on updates to maintain secruity the way microsoft does is fucked up. instead, microsoft should do what apple and adobe and just able every other respectable software vendor does is RELEASE A SECURE PRODUCT. but i dont think microevil will ever do that because the public is so in love with thier crappy shit that they are willing to accept from microsoft what they would not be willing to accept from any other vendor.

sure all vendors security release updates now and then, apple has released a whooping 2 all year. but updates released by other vendors are by and large less regular and less serious.

</there is something about ranting about something random and unimportant once every few days that just feels so good>