TechNewsWorld.com
Security

Trojan Horse Rides in on Fake Windows Update


"It is child's play to create a fake Web site which looks like someone else's. Even a semi-competent technical person could do it in an hour or two," said Graham Cluley, Sophos senior engineer.


As computer users get more sophisticated, so too do the schemes to ensnare them. Security company Sophos warned Friday that a bogus Web site, set up to look like the Microsoft (Nasdaq: MSFT) Windows Update page, was luring Windows users into downloading a Trojan horse.

The scammers sent e-mails with subject lines such as "Urgent Windows Update," "Update your windows machine" and "Important Windows Update." The e-mails encouraged people to update their Windows software immediately and included the link to the bogus site.
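The lure described above (an update-themed subject plus a link to a look-alike site) can be screened for at a mail gateway. The sketch below is an added example, not code from the article or from Sophos: it flags messages whose subject resembles the quoted subject lines and whose links point to hosts outside an assumed list of Microsoft domains. The domain list, function names and sample message are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumption: suffixes treated as genuine Microsoft hosts; adjust for your site.
TRUSTED_SUFFIXES = ("microsoft.com", "windowsupdate.com")
# Lure wording modelled on the subject lines quoted in the article.
LURE = re.compile(
    r"\b(windows|microsoft)\b.*\bupdate\b|\bupdate\b.*\b(windows|microsoft)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample message (not a captured e-mail).
SAMPLE_LURE = (
    "From: updates@example.net\n"
    "Subject: Urgent Windows Update\n"
    "Content-Type: text/html\n\n"
    '<a href="http://windowsupdate.microsoft.com.example.net/update.exe">Update</a>\n'
    '<a href="http://www.microsoft.com@update.example.org/">Details</a>\n'
    '<a href="http://www.microsoft.com/security">Microsoft</a>\n'
)

def is_trusted(host):
    """True only for a trusted domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def untrusted_update_links(raw_message):
    """Return untrusted hosts linked from an update-themed message."""
    msg = message_from_string(raw_message)
    if not LURE.search(msg.get("Subject", "")):
        return []
    hosts = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for url in URL.findall(body):
            try:
                # hostname ignores any "user@" prefix used to disguise the target
                host = urlsplit(url).hostname or ""
            except ValueError:
                continue
            if host and not is_trusted(host) and host not in hosts:
                hosts.append(host)
    return hosts

if __name__ == "__main__":
    print(untrusted_update_links(SAMPLE_LURE))
```

The suffix check matters: a host that merely contains a Microsoft name as a prefix or as URL userinfo is still reported.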

Windows Quarterly Updates

Microsoft does not notify users of updates through e-mails, but it is believed that the messages may have been timed to take advantage of Microsoft's scheduled quarterly updates, which will be released tomorrow.

"More and more users are realizing that unsolicited e-mail attachments can be malicious, and so the technique used in this instance is to not have an e-mail attachment but to link to a bogus Web site instead, rather like a phishing attack," Graham Cluley, Sophos senior engineer, told TechNewsWorld.

Simple Set-up

The site has since been shut down, which is the Web community's greatest defense against this combination e-mail/phishing scam, but it is not difficult to re-create, Cluley said.

"It is child's play to create a fake Web site which looks like someone else's. Even a semi-competent technical person could do it in an hour or two," he said. "The difficulty for the hacker is keeping the Web site active. Once a malicious attack like this occurs then there will be pressure from ISPs and the security community to have the Web site shut down to prevent the malware from being spread any further."

If a user went to the site and tried to download the bogus Windows update, their PC would instead be infected with the Trojan horse Troj/DSNX-05. Troj/DSNX-05 gives remote control of the infected PC to the hackers.

Once they have control, hackers can do a number of malicious things, including spying on a user's activity. Keystroke monitoring can allow hackers to get a hold of credit card and bank account information. The PC can also be used to send spam or launch denial of service attacks.


By Susan B. Shor

