Hackers Circulate Fake Microsoft Security Update - 05/21/05 02:19 PM
Hoping once again to fool security-minded users, malicious hackers have released a fake Microsoft Latest News about Microsoft security Latest News about Security update, claiming that it is an update to Internet Explorer, Outlook Express and Outlook.
The release of such e-mails has become common after a Microsoft security patch update, to the point that bogus updates sometimes appear only hours after the official patches are released.
The latest version is titled the "May 2005 Cumulative Patch" and claims to resolve all known security vulnerabilities with IE, Outlook and Outlook Express. The e-mail mimics Microsoft language and official communication in an attempt to look legitimate.
Microsoft did release a patch in May, but not for IE or its e-mail clients. Users who attempt to download the fraudulent update are infected with the Pinfi virus.
Using Microsoft to trick users into downloading Trojan horses and viruses has become a very standard tactic, said Graham Cluley, senior technology consultant at security firm Sophos Latest News about Sophos.
"Attackers want to get the maximum number of users to download their virus," he said. "Since Microsoft updates are relevant to so many people, they see it as an easy way to fool users into downloading what they shouldn't."
Other companies, such as banks and financial institutions, also are used to lure unsuspecting users, but widespread user education has made many wary of such e-mails.
Now, it appears, attackers are turning to security firms, hiding viruses in messages that seem to be from Symantec Latest News about Symantec or Microsoft's security team.
Stronger Effort
Simply because malicious hackers have made it business-as-usual to target Microsoft does not mean the Redmond behemoth is taking the situation lightly.
The company has pointed users toward a section on its Web site titled "How to Tell If a Microsoft Security-Related Message is Genuine."
On the site, Microsoft notes that there are ways to spot imposters, emphasizing that legitimate Microsoft e-mails contain no attachments. They also reference security information that already is on the Microsoft Web site and have hyperlinks that begin with http://www.microsoft.com/security.
Microsoft's site also gives an example of a fake bulletin from 2003, noting that its professional appearance and sincere, helpful tone tricks many users into infecting their systems.
SOURCE
The release of such e-mails has become common after a Microsoft security patch update, to the point that bogus updates sometimes appear only hours after the official patches are released.
The latest version is titled the "May 2005 Cumulative Patch" and claims to resolve all known security vulnerabilities with IE, Outlook and Outlook Express. The e-mail mimics Microsoft language and official communication in an attempt to look legitimate.
Microsoft did release a patch in May, but not for IE or its e-mail clients. Users who attempt to download the fraudulent update are infected with the Pinfi virus.
Using Microsoft to trick users into downloading Trojan horses and viruses has become a very standard tactic, said Graham Cluley, senior technology consultant at security firm Sophos Latest News about Sophos.
"Attackers want to get the maximum number of users to download their virus," he said. "Since Microsoft updates are relevant to so many people, they see it as an easy way to fool users into downloading what they shouldn't."
Other companies, such as banks and financial institutions, also are used to lure unsuspecting users, but widespread user education has made many wary of such e-mails.
Now, it appears, attackers are turning to security firms, hiding viruses in messages that seem to be from Symantec Latest News about Symantec or Microsoft's security team.
Stronger Effort
Simply because malicious hackers have made it business-as-usual to target Microsoft does not mean the Redmond behemoth is taking the situation lightly.
The company has pointed users toward a section on its Web site titled "How to Tell If a Microsoft Security-Related Message is Genuine."
On the site, Microsoft notes that there are ways to spot imposters, emphasizing that legitimate Microsoft e-mails contain no attachments. They also reference security information that already is on the Microsoft Web site and have hyperlinks that begin with http://www.microsoft.com/security.
Microsoft's site also gives an example of a fake bulletin from 2003, noting that its professional appearance and sincere, helpful tone tricks many users into infecting their systems.
SOURCE