Experts at SophosLabs™, Sophos's global network of virus and
spam analysis centres, have warned users to be on their guard
against an attempt by hackers to break into their computers under
the disguise of being a Microsoft security update.
Sophos's spam labs have intercepted an email campaign intended
to direct innocent computer users to a bogus website, posing as
Microsoft's official website for critical security patches.
However, if users follow the links in the email and try and
download updates from the website they are infected by the Troj/DSNX-05 Trojan
horse, which allows hackers to take remote control of the infected
Emails sent by the hackers claim to come from "Windows
Update" <firstname.lastname@example.org> and include subject lines
such as "Update your windows machine", "Urgent Windows
Update", and "Important Windows Update".
The body of the email claims to link to Microsoft's Windows
Update site but instead links to a website under the control of the
|The email message pretends to come from
"This criminal campaign exploits the public's rising paranoia
about the security of their Windows computers. If users fall for it
they may put themselves at risk of being spied upon or having their
credit card and online banking details stolen," said Graham Cluley, senior
technology consultant for Sophos. "We have long recommended that
computer users keep up-to-date with the latest security patches, as
Microsoft vulnerabilities are often exploited by viruses, worms and
hackers. But users must be very careful to be sure they are going
to the official update websites, rather than just following links
in emails which have been sent by hackers."
The advantages of Sophos's approach to consolidated threats is
underlined by this incident. Anti-virus and anti-spam experts at
Sophos who work together were able to ensure that customers who ran
Sophos PureMessage had the bulk mailing intercepted at their email
gateways, and had the Trojan horse blocked from executing on their
desktops by Sophos Anti-Virus.
"Microsoft does not issue security warnings in this way - so
users should be on their guard whenever they receive an email like
this," continued Cluley. "It makes sense to keep your anti-virus
and anti-spam software up-to-date, but it is also wise to practise
safe computing and be wary
of unsolicited communications that might lead your computer into
Sophos recommends companies protect their email with a consolidated solution to thwart the virus and spam
threats as well as secure their desktop and servers with
automatically updated anti-virus protection.