Experts at Sophos, a world leader in IT security and control,
have warned of a widespread attempt to infect email users by
sending them a warning about a bogus Microsoft security patch.
The emails, which have the subject line "Microsoft Security
Bulletin MS07-0065", pretend to come from Microsoft, and claim that
a zero-day vulnerability has been discovered in the Microsoft
Outlook email program. They go on to warn recipients that "more
than 100,000 machines" have been exploited via the vulnerability in
order to promote medications such as Viagra and Cialis.
Users are encouraged by the email to download a patch which, it
is claimed, will fix the problem and prevent them from being
attacked by hackers.
However, clicking on the link contained inside the email does
not take computer users to Microsoft's website but to one of many
compromised websites hosting a Trojan horse. Sophos proactively
detects the Trojan, without requiring an update, using Behavioral Genotype®
Protection as Mal/Behav-112.
The emails claim to come from
"Security bulletins from Microsoft describing vulnerabilities in
their software are a common occurrence, and so it's not a surprise to
see hackers adopting this kind of disguise in their attempt to
infect Windows PCs," said Graham Cluley, senior
technology consultant for Sophos. "The irony is that as awareness
of computer security issues has risen, and the need for patching
against vulnerabilities, so social engineering tricks which pose as
critical software fixes are likely to succeed in conning the
In examples seen by Sophos experts, the emails have contained
the recipient's full name, and the company they work for, in an
attempt to lull users into a false sense of security.
"By using people's real names, the Microsoft logo, and
legitimate-sounding wording, the hackers are attempting to fool
more people into stepping blindly into their bear-trap," continued
Cluley. "Users need to be on their guard against this kind of
confidence trick or they risk handing over control of their PC to
hackers with criminal intentions. They should also ensure that they
are downloading Microsoft security updates from Microsoft itself,
not from any other website."
Sophos recommends companies protect themselves with a consolidated solution which can defend against the
threats of viruses, spyware, spam and hackers.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.