Phishers are taking advantage of Microsoft’s new software anti-piracy initiative by launching a wave of phishing e-mails in an attempt to get credit card numbers from Microsoft customers.
The rogue e-mails also allow phishers to install spyware and adware on users’ machines.
Last month Microsoft said it would not allow users in some countries install software updates online unless they could prove that their Microsoft software was legitimate.
Security company Websense said it has received several reports of two new versions of spoofed e-mails that are being used to install spyware/adware onto end-user's machines and steal credit card details.
The first version of the e-mail claims to be from Microsoft's security department and offers the end user a new security tool in order to feel more secure.
The e-mail points to an URL which is hosted in Romania. Once the user accesses this site, a Microsoft Internet Explorer Browser Helper Object (BHO DLL) is then installed on the machine. This BHO is spyware.
The second version is an e-mail which also claims to be from Microsoft and claims that many people are illegally using its services without paying, and therefore Microsoft needs end users to update their credit card information and software serial number details.
The e-mail links to a website which also attempts to install a Browser Helper Object (BHO DLL).
Microsoft does not send unsolicited security e-mails.