Warning Over Fake Windows Update

Circulating as an e-mail the fake message points people at a bogus website that claims to host critical security updates.

But anyone downloading from the site will get a virus installed that opens a backdoor into their computer the program's creators can exploit.

Security firms and Microsoft urged users to ensure they visit legitimate sites when downloading updates.

Anti-virus firm Sophos spotted the e-mail which uses subject lines saying "Urgent Windows Update" and "Important Windows Update"

In the body of the message is a web link that looks like it should link to the Windows Update website but in fact links to a site controlled by the malicious hackers.

Anyone downloading the fake update on the bogus webpage will have their computer infected with the DSNX-05 trojan.

This opens a backdoor into the PC that could be exploited by the creators of the malicious program.

Warning over fake Windows update

Users are being warned to watch out for a fake Microsoft security update.

Circulating as an e-mail the fake message points people at a bogus website that claims to host critical security updates.

But anyone downloading from the site will get a virus installed that opens a backdoor into their computer the program's creators can exploit.

Security firms and Microsoft urged users to ensure they visit legitimate sites when downloading updates.

Fake sites

Anti-virus firm Sophos spotted the e-mail which uses subject lines saying "Urgent Windows Update" and "Important Windows Update"

In the body of the message is a web link that looks like it should link to the Windows Update website but in fact links to a site controlled by the malicious hackers.

+ + + + + + + + + + + + + + + + + + + + +

STAYING SAFE ONLINE
Install anti-virus software
Keep your anti-virus software up to date
Install a personal firewall
Use Windows updates to patch security holes
Do not open e-mail messages that look suspicious
Do not click on e-mail attachments you were not expecting

+ + + + + + + + + + + + + + + + + + + + +
Anyone downloading the fake update on the bogus webpage will have their computer infected with the DSNX-05 trojan.
This opens a backdoor into the PC that could be exploited by the creators of the malicious program.

Anyone falling victim to this could leave computer owners vulnerable to identity theft or having their computer used to send spam, attack other sites or host dubious material.

Microsoft said it only sent e-mails about security updates and incidents to those that have explicitly asked to be sent them.

Also it said it never sends out information about security problems before its website has been updated with information about problems.

This means that if users cannot find information about security problems mentioned in an e-mail on the Microsoft site, they should be suspicious of the message.

Microsoft also urged users to type in the name of the website they are trying to reach rather than use a hyperlink as these can hide spoof websites.

"Users must be very careful to be sure they are going to the official update websites, rather than just following links in emails which have been sent by hackers," said Graham Cluley, senior technology consultant at Sophos.

Story from BBC NEWS:
http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/4425165.stm

Published: 2005/04/08 14:12:08 GMT

© BBC MMV

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.