Users are being warned
to watch out for a fake Microsoft security update. Circulating
as an e-mail, the fake message points people at a bogus
website that claims to host critical security updates.
But anyone downloading
from the site will get a virus installed that opens a
backdoor into their computer that the program's creators can
exploit.
Security firms and Microsoft
urged users to ensure they visit legitimate sites when
downloading updates.
Fake sites
Anti-virus firm Sophos
spotted the e-mail, which uses subject lines saying "Urgent
Windows Update" and "Important Windows Update".
In the body of the message
is a web link that looks like it should link to the Windows
Update website but in fact links to a site controlled
by the malicious hackers.
Anyone downloading the fake
update on the bogus webpage will have their computer infected
with the DSNX-05 trojan. This opens a backdoor into
the PC that could be exploited by the creators of the
malicious program.
Falling victim to
this could leave computer owners vulnerable to identity
theft or having their computer used to send spam, attack
other sites or host dubious material.
Microsoft said it only
sent e-mails about security updates and incidents to those
who have explicitly asked to be sent them.
It also said it never sends
out information about security problems before its website
has been updated with information about problems.
This means that if users
cannot find information about security problems mentioned
in an e-mail on the Microsoft site, they should be suspicious
of the message.
Microsoft also urged users
to type in the name of the website they are trying to
reach rather than use a hyperlink, as these can hide spoof
websites.
"Users must be very
careful to be sure they are going to the official update
websites, rather than just following links in emails which
have been sent by hackers," said Graham Cluley, senior
technology consultant at Sophos.
STAYING SAFE ONLINE
Install anti-virus software
Keep your anti-virus software up to date
Install a personal firewall
Use Windows updates to patch security holes
Do not open e-mail messages that look suspicious
Do not click on e-mail attachments you were not expecting