E-mail scam disguised as Microsoft security update


Antony Savvas

Internet security company Websense is warning users of a new e-mail scam disguised as a Microsoft security update for the recent plug and play vulnerability.

Users receive a spoofed message requesting that they download a critical patch for the MS-05-479 vulnerability in order to be protected from hackers and viruses.

After clicking on the URL included in the spoofed e-mail, they are directed to a fraudulent website hosted in Canada. The site uses screenshots of the real Microsoft security update site.

The website is hosted on a machine that appears to have been compromised by remote hackers, said Websense.

The site includes a link to the “patch”, which is a program called “plugandplayfix.exe”. Once the user clicks it, a Trojan Horse virus opens a backdoor on the machine for remote attackers to use, and connects the PC to an IRC (internet relay chat) channel which allows information to be captured from the infected machine.

The virus also changes a number of security settings on the infected computer.

Microsoft does not send out personal e-mails linked to security updates. The company encourages users to subscribe to automatic security downloads, or to visit the main Microsoft site to periodically download updates.
