Bogus security bulletin plants trojan horse on user PCs
Chicago (IL) – Sophos warns about a fake Microsoft security that tries to lure users into downloading a patch that really is a trojan horse.
Computer users should be careful about a currently spreading emails that warns about a zero-day vulnerability in Microsoft Outlook. According to security firm Sophos, an email with the subject line "Microsoft Security Bulletin MS07-0065" claims that "more than 100,000 machines" have been exploited via the vulnerability, in order to promote medications such as Viagra and Cialis.
The email, which the company looks like an authentic email from Microsoft, takes the user to “one of may websites” hosting the malicious code identified as Mal/Behav-112, which is a worm with backdoor functionality.
“Microsoft has been issuing security bulletins for years detailing vulnerabilities in their software so it’s of no surprise that hackers are adopting this kind of disguise in their attempt to infect Windows PCs,” said Ron O’Brien, senior security analyst at Boston-based Sophos. “The hackers are using people’s real names, the Microsoft logo, and legitimate-sounding messaging in the email so computer users need to be very cautious.”
Sophos said that the emails display a bogus Windows licence key, the user’s full name and often the organization they are associated with.
Computer users should be careful about a currently spreading emails that warns about a zero-day vulnerability in Microsoft Outlook. According to security firm Sophos, an email with the subject line "Microsoft Security Bulletin MS07-0065" claims that "more than 100,000 machines" have been exploited via the vulnerability, in order to promote medications such as Viagra and Cialis.
The email, which the company looks like an authentic email from Microsoft, takes the user to “one of may websites” hosting the malicious code identified as Mal/Behav-112, which is a worm with backdoor functionality.
“Microsoft has been issuing security bulletins for years detailing vulnerabilities in their software so it’s of no surprise that hackers are adopting this kind of disguise in their attempt to infect Windows PCs,” said Ron O’Brien, senior security analyst at Boston-based Sophos. “The hackers are using people’s real names, the Microsoft logo, and legitimate-sounding messaging in the email so computer users need to be very cautious.”
Sophos said that the emails display a bogus Windows licence key, the user’s full name and often the organization they are associated with.
American Medical Association wants implantable RFID chips
- Internet TV revenue to grow nearly 14-fold by 2011
- Half the world to use cell phones in 2007
- Dell bundles online storage with computers
- iPhone line stand-ins charging $250
- Integrated voice chat coming to World of Warcraft
- Take Two chairman responds to Manhunt 2 debate
- 36% of U.S. to have HDTV next year: report
- Google opens up maps to non-profit orgs
- Sony preps PS3 firmware update 1.82
Intel dominates Top 500 supercomputer ranking
- Nintendo opens up Virtual Console to indie developers
- Alienware launches new Area 51 m9750 gaming notebook
- Best Buy boosts dividend and stock buyback
- Google and Yahoo beef up picture galleries
- 11n Draft 2.0 gear not working yet, but does anyone really care?
- Grand Theft Auto IV: Special Edition details emerge
- Study shows fastest, slowest Web speeds
- AMD announces arrival of HD 2400 and 2600 graphics cards
- Intel Tigerton processors aim for September
Sponsored
See more
Latest news
Miscellaneous Previous news
Partners
