Phishing Scam Targets Windows Update

Filed under: Microsoft, Security

A phishing scam impersonating the Windows Update service hit Australia yesterday. It is designed not only to reproduce the update page convincingly, but also to evade current antivirus, anti-spyware and anti-adware programs.

The spam e-mail directs users to a page that pulls its graphics directly from the Microsoft.com Web site and uses them to recreate the Windows Update page. The page then asks users to download a "Windows update" that is actually a malicious .exe file.
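The page described above has a tell that can be checked mechanically: it is served from a host that is not Microsoft's, its graphics are hotlinked from microsoft.com, and its "update" link points at an executable on the attacker's host. The following script is an added example, not code from the article or from any of the vendors quoted in it; the sample page, its URL and the file name in it are constructed for illustration, and the list of domains treated as Microsoft's is an assumption.

```python
"""Flag a Windows Update look-alike page: Microsoft graphics hotlinked into a
page that is served from, and offers an .exe download from, another host.
Added example; sample page and trusted-domain list are constructed/assumed."""
from html.parser import HTMLParser
from urllib.parse import urlparse, urljoin

# Assumption: hosts under these domains are treated as legitimately Microsoft's.
MICROSOFT_DOMAINS = ("microsoft.com",)


def is_microsoft_host(host):
    """True if host is one of the assumed Microsoft domains or a subdomain of one."""
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in MICROSOFT_DOMAINS)


class _LinkCollector(HTMLParser):
    """Collect absolute image sources and anchor targets from a page."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.images = []
        self.links = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and a.get("src"):
            self.images.append(urljoin(self.base_url, a["src"]))
        elif tag == "a" and a.get("href"):
            self.links.append(urljoin(self.base_url, a["href"]))


def analyse_page(page_url, html):
    """Return a list of findings describing why the page looks like a spoof."""
    collector = _LinkCollector(page_url)
    collector.feed(html)
    page_host = urlparse(page_url).hostname or ""
    findings = []

    # Tell 1: a non-Microsoft page that borrows Microsoft's own graphics.
    if not is_microsoft_host(page_host):
        hotlinked = [u for u in collector.images
                     if is_microsoft_host(urlparse(u).hostname)]
        if hotlinked:
            findings.append(
                f"{len(hotlinked)} image(s) hotlinked from Microsoft "
                f"into a page served from {page_host}")

    # Tell 2: an "update" that is an executable fetched from a non-Microsoft host.
    for u in collector.links:
        parsed = urlparse(u)
        if parsed.path.lower().endswith(".exe") and not is_microsoft_host(parsed.hostname):
            findings.append(f"executable download from non-Microsoft host: {u}")
    return findings


# Constructed sample: a spoof page on an attacker-controlled host (not real).
SAMPLE_URL = "http://update-notice.example.net/windowsupdate/default.htm"
SAMPLE_HTML = """
<html><body>
<img src="http://www.microsoft.com/images/banner.gif">
<img src="/local/spacer.gif">
<p>A critical update for your version of Windows is available.</p>
<a href="update.exe">Download and install now</a>
<a href="http://www.microsoft.com/windows/">More information</a>
</body></html>
"""

if __name__ == "__main__":
    for finding in analyse_page(SAMPLE_URL, SAMPLE_HTML):
        print("SUSPICIOUS:", finding)
```

Run against the constructed sample, the script reports two findings: the hotlinked Microsoft banner and the .exe link that resolves to the attacker's host. The same page served from a microsoft.com host produces no findings, which is the point: the check is about where the page and its executable live, not about how the page looks.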

Director of SurfControl, Charles Heunemann, said the company discovered the virus late last night and that current heuristics and signatures used by core antivirus vendors are not picking up the malicious code.

"We are still trying to get to the bottom of it," Heunemann said.

"It is not a malicious attack for network resources but appears to send a message to the Internet advertising itself as a zombie machine - we think the .exe file pulls other code to turn the machine into a spamming server.

"The actual e-mail looks like a Microsoft e-mail but I don't think it is the practice for Microsoft to ask users to update their operating system by launching a link from an e-mail."

The virus, titled Wupdate-20050401, installs an executable file in the Windows directory and registers it as a startup service. While running, the program consumes 100 percent of the CPU, keeping it continuously busy.

Microsoft security product manager Ben English said this is just one of many scams the company is currently monitoring and is not unique.

"There are effective defences against these types of scams and we advise users to follow some simple guidelines," English said.

"Microsoft is aware of the SurfControl notice regarding the spoofing scam of Windows update and our advice to customers remains the same.

"Microsoft never attaches software updates to our security e-mail notifications; we never send notices about security updates or incidents until after we publish information about them on our Web site and if you suspect that an e-mail message is not legitimate, do not click any hyperlinks within it."

Sophos' Asia Pacific head of technology, Paul Ducklin, was aware of the program in question and said that, despite all the technology in the world, education and informed decisions by users will always be the best means of stopping malware.

"Even if all other defences are down, with Trojan malware if a person doesn't click on it, it won't work - they all involve, to some extent, collaboration with users," Ducklin said.

"Three ways to block them include having software to prevent a suspicious program, using programs at the gateway to block .exe files and of course user education and information."
