Internet security company Websense is warning users of a new e-mail scam disguised as a Microsoft security update for the recent plug and play vulnerability.
Users receive a spoofed message requesting that they download a critical patch for the MS-05-479 vulnerability in order to be protected from hackers and viruses.
After clicking on the URL included in the spoofed e-mail they are directed to a fraudulent website hosted in Canada. The site uses screenshots of the real Microsoft security update site.
The website URL is hosted on a machine which appears to have been compromised by remote hackers, said Websense.
Included is a link to the “patch” which is a program called “plugandplayfix.exe”. Once clicked by the user a Trojan Horse virus opens a backdoor on the machine for remote attackers to use, and connects the PC to an IRC (internet relay chat) channel which allows information to be captured from the infected machine.
The virus also changes a number of security settings on the infected computer.
Microsoft does not send out personal e-mails linked to security updates. The company encourages users to subscribe to automatic security downloads, or to visit the main Microsoft site to periodically download updates.