Experts at SophosLabs, Sophos’s global network of virus and spam analysis centres, are warning users to be on their guard against an attempt by hackers to break into their computers, disguised as a Microsoft security update.
Sophos’s spam labs have intercepted an email campaign intended to direct innocent computer users to a bogus website posing as Microsoft’s official website for critical security patches. However, if users follow the links in the email and try to download updates from the website, they are infected by the DSNX-05 Trojan horse, which allows hackers to take remote control of the infected PC.
Emails sent by the hackers claim to come from “Windows Update”.
The body of the email claims to link to Microsoft’s Windows Update site but instead links to a website under the control of the hackers.
“This criminal campaign exploits the public’s rising paranoia about the security of their Windows computers. If users fall for it they may put themselves at risk of being spied upon or having their credit card and online banking details stolen,” said Graham Cluley, senior technology consultant for Sophos. “We have long recommended that computer users keep up-to-date with the latest security patches, as Microsoft vulnerabilities are often exploited by viruses, worms and hackers. But users must be very careful to be sure they are going to the official update websites, rather than just following links in emails which have been sent by hackers.”
Sophos recommends that companies protect their email with a consolidated solution to thwart virus and spam threats, and secure their desktops and servers with automatically updated anti-virus protection.
“Microsoft does not issue security warnings in this way – so users should be on their guard whenever they receive an email like this,” continued Cluley. “It makes sense to keep your anti-virus and anti-spam software up-to-date, but it is also wise to practise safe computing and be wary of unsolicited communications that might lead your computer into danger.”
More information about the DSNX-05 Trojan, and images of the email message, can be found on Sophos’s website at