Microsoft update email said to be fake
April 11, 2005 - 10:40AM / The Age
A mass email in circulation which purports to be a Microsoft Windows update alert directs computer users to a fake website where a trojan is installed, security professionals say.
The security firm Websense said it began receiving reports this week of the email claiming to be from Microsoft, coincidentally after the software giant announced it was making security updates.
"This email spoofs users into thinking that they must update their Windows software," Websense said.
"Upon clicking on the link, users are forwarded to a fraudulent website. This website is hosted in Australia, and was up at the time of this alert. The website appears very similar to the real Windows Update site."
But when a user attempts to perform the update, a trojan is installed that allows hackers access to the infected computers, the company said.
The British-based security firm Sophos also issued a warning about the scheme.
"This criminal campaign exploits the public's rising paranoia about the security of their Windows computers. If users fall for it they may put themselves at risk of being spied upon or having their credit card and online banking details stolen," said Graham Cluley, senior technology consultant for Sophos.
"We have long recommended that computer users keep up-to-date with the latest security patches, as Microsoft vulnerabilities are often exploited by viruses, worms and hackers. But users must be very careful to be sure they are going to the official update websites, rather than just following links in emails which have been sent by hackers."