Fake Windows Security Update Really Virus

    April 9, 2005

There is an e-mail scam going around that appears to be a message from Microsoft warning Windows users of a security update which turns out to be a virus.

If the user clicks the link in the message which goes to a fake Windows web site, their computer will be infected with a “Trojan horse” program giving hackers access to their PCs.

“This criminal campaign exploits the public’s rising paranoia about the security of their Windows computers. If users fall for it they may put themselves at risk of being spied upon or having their credit card and online banking details stolen,” said Sophos senior technology consultant Graham Cluley.

A Mercury News article says:

The campaign of bogus e-mails could be timed for around the same time as Microsoft’s latest regularly scheduled security update, planned for Tuesday.

Microsoft said it was aware of the scam and added that it would never use e-mails with attached software. “We really want to emphasize with customers that microsoft.com is the only place to get authentic security updates for Microsoft products,” the Redmond, Wash., company said in a statement.

The scam e-mail claims to come from “Windows Update,” with subject lines such as “Update your windows machine,” “Urgent Windows Update” and “Important Windows Update,” Sophos said. The message has a link to a Web site that claims to be operated by Microsoft but is actually used to download the malicious software to the victim’s computer.

Microsoft does not include attachments in any security bulletins.

WebProNews | Breaking eBusiness News
Your source for investigative ebusiness reporting and breaking news.