A malicious website, posing as a Microsoft security page, is infecting visitors with a dangerous Trojan horse program.
The site, designed to look like the Windows update page, is hoping to capitalise on what will be a series of critical patches from the software giant, to be released on Tuesday. The scam uses e-mail messages that appear to come from Microsoft to get recipients to visit a Web page that uploads the malicious program.
Using the promise of Windows software patches to distribute malicious code isn't new. However, the latest attacks show that scammers are adopting strategies used by phishers to evade detection by gateway and desktop anti-virus programs, said Graham Cluley, senior technology consultant at anti-virus company Sophos.
The attack was first detected on Thursday in Canada. The messages have subject lines like "Update your windows machine" or "Urgent Windows Update".
A link in the body of the e-mail message appears to take users to the Microsoft Windows Update website, but actually forwards them to a site operated by the attackers that installs a Trojan horse program called DSNX-05.
The website run by the hackers was registered to an ISP in Toronto, but has since been shut down. The site looked like the actual Microsoft Windows Update page, and displayed Microsoft's corporate logo. One giveaway that something was amiss was that the URL displayed in the Web browser address bar showed only the IP address of the site, instead of the Windows update address.
"It's such a shame that, just as we're beginning to teach people more about security updates, cybercriminals are exploiting that," Cluley said.