14 DAY TRIAL // Experts at SophosLabs have detailed the problem of the fake security patch which advises users to update their computers.
The spammed e-mails, which have the subject line "Microsoft WinLogon Service - Vulnerability Issue" and purport to come from [email protected], claim that a vulnerability has been found "in the Microsoft WinLogon Service" and could "allow a hacker to gain access to an unpatched computer".
Recipients are advised to click on a link in the email to download the patch. However, the link really points to a non-Microsoft website and initiates the download of the Troj/BeastPWS-C Trojan horse, which is capable of spying on the infected user and steal passwords.
The spam e-mail claims to come from Microsoft, and includes a malicious link.
"People are slowly learning that Microsoft does not email out security fixes as attachments, but they also need to learn to be careful of blindly clicking on links to download fixes too without checking that the email is legitimate," said Graham Cluley, senior technology consultant at Sophos.
"In this case, the hackers made a mistake by referring to 'Microsoft Coorp' rather than 'Microsoft Corp', but it's possible that users would miss that typo in their rush to protect themselves," he added.
Image Credits: SophosLabs
