By Susan B. Shor TechNewsWorld
04/11/05 9:08 AM PT
As computer users get more sophisticated, so too do the schemes to ensnare them. Security company Sophos warned Friday that a bogus Web site, set up to look like the Microsoft (Nasdaq: MSFT) Windows Update page, was luring Windows users into downloading a Trojan horse.
The scammers sent e-mails with subject lines such as "Urgent Windows Update," "Update your windows machine" and "Important Windows Update." The e-mails encouraged people to update their Windows software immediately and included the link to the bogus site.
Windows Quarterly Updates
Microsoft does not notify users of updates through e-mails, but it is believed that the messages may have been timed to take advantage of Microsoft's scheduled quarterly updates, which will be released tomorrow.
"More and more users are realizing that unsolicited e-mail attachments can be malicious, and so the technique used in this instance is to not have an e-mail attachment but to link to a bogus Web site instead, rather like a phishing attack," Graham Cluley, Sophos senior engineer, told TechNewsWorld.
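As an added illustration (not part of the original article and not Sophos or Microsoft code), a mail filter could check for the lure described above: an update-themed subject line combined with a link whose host is not Microsoft's. The trusted-domain list and the sample messages are assumptions constructed for this example.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Subject lures quoted in the article, matched case-insensitively.
LURE_SUBJECT = re.compile(r"windows\s+update|update\s+your\s+windows", re.I)
# Assumption: domains treated as Microsoft-owned for this example.
TRUSTED_DOMAINS = ("microsoft.com", "windowsupdate.com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def host_is_trusted(host):
    """True for a trusted domain or a real subdomain, not a lookalike prefix."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def body_text(msg):
    """Concatenate the decoded text parts of a (possibly multipart) message."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            parts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def check_message(raw):
    """Report whether a message pairs an update lure with a non-Microsoft link."""
    msg = message_from_string(raw)
    lure = bool(LURE_SUBJECT.search(msg.get("Subject", "")))
    untrusted = set()
    for url in URL_RE.findall(body_text(msg)):
        try:
            # .hostname ignores any "user@" prefix used to disguise the real host
            host = urlsplit(url).hostname or ""
        except ValueError:
            host = ""
        if not host_is_trusted(host):
            untrusted.add(host or url)
    hosts = sorted(untrusted)
    # Microsoft does not announce updates by e-mail, so the subject alone merits
    # caution; an untrusted link on top of it is the pattern the article describes.
    return {"lure_subject": lure, "untrusted_hosts": hosts,
            "suspicious": lure and bool(hosts)}

# Constructed sample messages (documentation domains and addresses only).
SAMPLE_LOOKALIKE = ("Subject: Urgent Windows Update\n\n"
                    "Install now: http://windowsupdate.microsoft.com.example.net/update.exe\n")
SAMPLE_USERINFO = ("Subject: Important Windows Update\n\n"
                   "http://www.microsoft.com@203.0.113.7/patch\n")
SAMPLE_GENUINE_LINK = ("Subject: Update your windows machine\n\n"
                       "See http://update.microsoft.com/ for details\n")
SAMPLE_BENIGN = "Subject: Lunch on Friday\n\nMenu: http://example.org/menu\n"
```
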
Simple Set-up
The site has since been shut down, which is the Web community's greatest defense against this combination e-mail/phishing scam, but it is not difficult to re-create, Cluley said.
"It is child's play to create a fake Web site which looks like someone else's. Even a semi-competent technical person could do it in an hour or two," he said. "The difficulty for the hacker is keeping the Web site active. Once a malicious attack like this occurs then there will be pressure from ISPs and the security community to have the Web site shut down to prevent the malware from being spread any further."
If a user went to the site and tried to download the bogus Windows update, their PC would instead be infected with the Trojan horse Troj/DSNX-05. Troj/DSNX-05 gives remote control of the infected PC to the hackers.
Once they have control, hackers can do a number of malicious things, including spying on a user's activity. Keystroke monitoring can allow hackers to get a hold of credit card and bank account information. The PC can also be used to send spam or launch denial of service attacks.