We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Windows 'patch' installs Trojan horse

Security bulletin claims 100,000 are infected

Messages insisting that users install a just-released Microsoft security update are bogus and actually lead to a site that plants malicious code on PCs, several security companies have warned.

The spam, which touts ‘Microsoft Security Bulletin MS07-0065 - Critical Update’ as its subject and appears to come from ‘[email protected]’, claims users should download a June 18 security patch and provides a link to a URL that looks legit.

"A new 0-day vulnerability has appeared in the wild," the message reads. "The vulnerability affects machines running Microsoft Outlook and allows an attacker to take full control of the vulnerable computer if the exploitation process is succesfull [sic]." It goes on to boast that 100,000 PCs have been hijacked so far by unnamed malware exploiting the bug.

However, the link takes users to one of several different attack sites that download a Trojan horse to the machine. "Security bulletins from Microsoft describing vulnerabilities in their software are a common occurrence," noted Graham Cluely, a Sophos analyst. "[But] by using people's real names, the Microsoft logo and legitimate-sounding wording, the hackers are attempting to fool more people into stepping blindly into their bear trap."

The SANS Institute's Internet Storm Center and Symantec's DeepSight threat network have also issued alerts on the fraudulent messages.

Playing the legitimacy card is an important ‘scam-spammer’ technique, James Blascovich, a professor of psychology at the University of California, Santa Barbara, said in a just-released paper on the mind games attackers play to persuade people that it's safe to open suspicious email. The fake security alert, for example, refers to ‘Genuine Microsoft Software’, a phrase the company itself heavily promotes; uses the recipient's first name in the body of the message; and includes a purported product registration key.

Alert users, however, will be immediately suspicious of the message - and not just because of the typical-for-spam misspellings - but because it labelled the update ‘MS07-0065’. So far this year, Microsoft has only reached MS07-035 in its numbering system.

See also:

Windows Vista review

Listen to the new PC Advisor podcast.

 

www.computerworld.com


IDG UK Sites

Samsung Galaxy Note 4 review: Great if you like big, expensive phones

IDG UK Sites

Why Sony's PS4 2.0 update is every gamer's dream (well, mine at least)

IDG UK Sites

This Grolsch ad combines stop-motion & CG for majestic results

IDG UK Sites

Apple rumours and predictions for 2015: What to expect from Apple in 2015