Fake Microsoft security updates circulate

Status
Not open for further replies.

iinfi

mekalodu
Source: *news.com.com/Fake+Microsoft+securi...3-5660042.html?part=rss&tag=5660042&subj=news

An e-mail campaign designed to lure people to a bogus Microsoft Web site is making the rounds as part of an attempt to install a Trojan horse, antivirus company Sophos said Friday.

Attackers are sending out fake e-mails that claim to come from Microsoft's Windows Update. People who click on the link in the message are steered to a site that looks like Microsoft's security update site, where they are urged to download fake patches.

But should unsuspecting users download the bogus patches, they will infect their computers with the Troj/DSNX-05 Trojan horse, according to Sophos. That, in turn, will let the attackers remotely take control of the infected PC.

"Microsoft does not issue security warnings this way," said Graham Cluley, Sophos senior technology consultant. "They don't send updates in an HTML format, so don't follow the links in an e-mail. If you want to see if an update is real, you need to go to the real Microsoft Web site and check there."

People, however, are likely to click on the phony Microsoft update notices, given that they are making the rounds at the same time as Microsoft is poised to issue its regular monthly security update

Microsoft has posted a notice on its site saying that on Tuesday it will issue some critical patches for Windows, Office, MSN Messenger and Exchange.

The software maker is aware of the bogus e-mails, a company representative said Friday. It is encouraging people to go directly to its Web site for updates, instead of clicking on a link that purportedly takes them there. Once on the legitimate Microsoft site, they can click on the link that provides information on how to tell if a Microsoft security notice is legitimate.

Techniques like the Trojan horse e-mails are not new; malicious virus writers have in the past sent e-mails with attachments proclaiming to contain downloadable security updates. The Dumaru worm was one such example, Cluley said.

And in another example of attackers taking advantage of Microsoft's monthly patch cycle, malicious virus writers sent out bogus e-mails in January that claimed to come from Microsoft and that encouraged users to click on an attachment containing a Trojan horse.

The news spam e-mail started making the rounds on April 2 and continued through as late as 6 a.m. Friday PST, according to Sophos. The company noted that only 582 copies have been received, accounting for 0.04 percent of all spam that was tracked during that time by Sophos.
 
S

sunnydiv

Guest
u know, this has become so old, that anyone who falls for these, should fall for this, at least they learn a good lesson in life

which is:- do not trust links in email
 

Tech&ME

Banned
People should know this, Microsoft does not deliver updates through e-mails, nor does Microsoft provide any links for the updates in there e-mails. What Microsoft issues is an advance intimation newsletter for subcribers, so that people can plan for the updates. (Only information about future update are given by Microsoft.)

All the updates for Microsoft Windows is delivered through Windows Update or Software Update site of Microsoft.

People are strongly adviced not to go to these websites directly by typing there addressess on the address bar of your browsers. Instead do one of the following.

1. Either Click on the START --> All Programs ---> Windows Update.

2. Or Simply enable AUTOMATIC UPDATES option.
 

rajkumar_personal

Ignorance is BLISS !!
N-E-V-E-R update MS Windows via a link in an EMail

Any1 who is familiar with MS should know that MS seldom mails people to update their Windows !

The Best way is via the Windows Update in the "Help and Support" Section on the Start menu !!!


BEWARE and be alert against such emails !!!
 

pradeep_chauhan

Cyborg Agent
Hey guys i installed five updates today from the microsoft site i hope there is no site hijacking or thing like that. One update was to see if the system has any trojen / spyware installed on the system this one sounded a bit fishy any ideas if all this is genuine stuff . I wonder if alls ok.
 

aadipa

Padawan
pradeep_chauhan said:
Hey guys i installed five updates today from the microsoft site i hope there is no site hijacking or thing like that. One update was to see if the system has any trojen / spyware installed on the system this one sounded a bit fishy any ideas if all this is genuine stuff . I wonder if alls ok.

This is released every month and its OK.
 

frmneo999

Broken In
haa...thr r some real fools r out thr.. who evry time clcik yes FR"YOU NEED TO INSTAAL *** TO VIEW THIS PAGE" messages.. :evil:
 

mariner

Ambassador of Buzz
hell !!! wished i had seen this topic earlier . came back home after 4.5 months. started my pc and got a popup that some 18 updates are waiting . clicked to download and was going thru the previous issues of the mag and boon goes my pc. after 20 restarts it was back to formating and reinstalling....

gotta be in touch with latest developments..

thanx bud
 

Charley

Just Do It
pradeep_chauhan said:
Hey guys i installed five updates today from the microsoft site i hope there is no site hijacking or thing like that. One update was to see if the system has any trojen / spyware installed on the system this one sounded a bit fishy any ideas if all this is genuine stuff . I wonder if alls ok.

I regularly do the updates from the Windows update option, hope thats also safe. :eek:
 

saifoddin

Broken In
hay thaks for information but i think every body who use internet & windows should that microsoft provide it's update only through their windows updater they dont use e mail any way who dont know about that now knows
 

rohan

In the zone
Microsoft always states this thing clearly: We do not send any e-mails regarding security updates.
 

hsksattish

Broken In
There are also some good clients to keep windows up to date.I found bigfix very reliable and flexible.It also gets the updates as soon as they are out.I think more people with dialup connections should try it.
 
Hello Friends, its a nice joke. if you are using a original Version of Windows there's no way of hijacking the system. Use Geniue Microsoft Products, then you wont be Cheated. The Guys using the pirated versions will be getting the Trouble (these are the truth send by Microsoft Corporation) Please note that your system is not hijacked if you are using the Pirated softwares and if you are connected to the net. The Microsoft Company itself sends the Virus. This is the Truth.

With Regards,
R.Bhuvaneshbabu
09894433127
rbhuvaneshbabu@yahoo.com
 
Status
Not open for further replies.
Top Bottom