Jump to content
xisto Community
Sign in to follow this  
Raptrex

Windows Update Email Scam its a trojen horse

Recommended Posts

A new scam by hackers has some people believing they are receiving an e-mail about a critical update to Windows when in actuality they are installing a Trojan horse, Sophos said on Friday. The e-mail directs victims to a fake version of the Windows Update site, where there are links to download the malicious "patches."
"The email uses the Microsoft branding and style so to the casual observer it appears to be legitimate," Gregg Mastoras, Senior Security Analyst at Sophos, told BetaNews.

If users download the "patches," they are actually installing the Troj/DSNX-05 Trojan horse that lets the attackers remotely take control of the infected PC.

People may be more apt to click on the links since the e-mails are coming around the same time as Microsoft's April security updates. Microsoft, since making a commitment last year to better secure its products, has been issuing aggregate updates each month, sometimes with as many as a dozen patches at a time.

Mastoras, however, disagreed with that theory. "My assumption is most people don't know Microsoft's security update schedule, so I don't think that influences the timing," he said.

Most updated anti-virus programs should pick up the Trojan before it has a chance to install.

Nonetheless, Sophos is urging users to watch what they download. "Clicking on a link in an e-mail is equivalent to downloading a file onto your computer. So if you don't know who is sending you the e-mail or it is unsolicited, users should delete the e-mail," Mastoras added.


http://betanews.com/2005/04/08/windows-update-scam-fooling-users/

so in other words, if you get an email from microsoft , dont open IT

Share this post


Link to post
Share on other sites

well of course its fake it that obvious why would microsoft email you their is no reason for them to do that plus microsoft don't know your email anyways so its pretty obvious that its a fake :)

Share this post


Link to post
Share on other sites

Phising, pharming and scamming are one of the dangers on the internet. The poisoned DNS servers is another issue that are getting out of hand.I get 1 to 5 ebay and PayPal scam letters everyday. I have reported 2 different scams on M$ and M$ updates / patchesNils

Share this post


Link to post
Share on other sites

Phising, pharming and scamming are one of the dangers on the internet. The poisoned DNS servers is another issue that are getting out of hand.

 

I get 1 to 5 ebay and PayPal scam letters everyday. I have reported 2 different scams on M$ and M$ updates / patches

 

Nils

70326[/snapback]

Pharming?? Please explain, Nils. :)

 

Well, if you're using Windows XP, then shouldn't all updates be delivered straight to your computer by a little program that sits on your system tray?

Share this post


Link to post
Share on other sites

well of course its fake it that obvious why would microsoft email you their is no reason for them to do that plus microsoft don't know your email anyways so its pretty obvious that its a fake :)

70280[/snapback]


Man ... That trick is sooooo old and still people fall for it EVERY DAY and its alarming.... someone should start a REAL (sorry aol) campaign against these viruses/trojans/etc.

Share this post


Link to post
Share on other sites

One of the most obvious signs that such emails are scams is the poor spelling or bad grammer often found in the message body. In the example of this bogus email which can be found at:

 

http://forums.xisto.com/no_longer_exists/

 

you will see such things as "Fill your informations", "reserve the rights" and "for an unlimited perriod".

 

You will also see unclear thinking by the use of words like "Apparently" where if it were actually true, they would have said something like "We have detected an unusual number of emails" indicating a supposed fact rather then an apparent guess.

 

These scam emails are perpetrated by folks with some html code knowledge but with a poor knowledge of the English language. I rather believe that these scams are a result of our unfortunate "instant gratification" society since the perpetrators think they can do no wrong, will not get caught and don't take the time to correct mistakes (like spellchecking their work).

 

Just some info to keep in mind...

Share this post


Link to post
Share on other sites

Opps, sry for the double post. I attempted to correct a spelling error....lol.If the admins could delete the first one for me...and this one....much appreciated.

Share this post


Link to post
Share on other sites

yeah..quite true...usually hackers are those who don't go to school and they don't do well in grammer....and Dark_Dude, i've deleted your previous post like you requested. thanks for the post, it really contributed.-Shackman

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.