Phishers' scam poses as Windows fix
April 11, 2005
A new phishing technique targeting novice Windows users has been spotted in the wild: a fake Windows Update solicitation. In an email that purports to come from Microsoft, scammers craft an official-looking company message asking recipients to follow the attached link to update their Windows systems.
When unsuspecting users click the link, they are led to a maliciously created website that mimics Microsoft's own WindowsUpdate service, where, through ActiveX scripting, the victim is infected with the Troj/DSNX-05 Trojan horse virus. After the Trojan has invaded the PC, hackers can remotely control the stricken machine.
"Microsoft does not issue security warnings this way," said Graham Cluley, Sophos senior technology consultant. "They don't send updates in an HTML format, so don't follow the links in an e-mail. If you want to see if an update is real, you need to go to the real Microsoft Web site and check there."
The software maker is aware of the bogus e-mails, a company representative said Friday. It is encouraging people to go directly to its Web site for updates, instead of clicking on a link that purportedly takes them there. Once on the legitimate Microsoft site, they can click on the link that provides information on how to tell if a Microsoft security notice is legitimate.