Version: 2008
  • On GameFAQs: Is it OK to lay my Wii down on its side?
advertisementGet Smart about Business Spending

January 26, 2005 5:35 PM PST

Trojan piggybacks on Microsoft patching

By Robert Lemos
Staff Writer, CNET News

  • 2 comments
Related Stories

Banks bearing the brunt of phishing scams

 January 20, 2005

Net shopping's blue Christmas

 December 16, 2004

Net stores get ready for Santa cons

 December 15, 2004

Caught in a phishing trap

 November 17, 2004
Microsoft's patch process has spawned an attempt to fool Windows users into downloading and installing a Trojan horse.

A fake e-mail message, sent to CNET News.com, purports to be a Microsoft security notification about problems with the Windows operating system. The message, which carries the subject line "MS Windows/Critical Error," attempts to fool PC users into downloading and installing an attached program. However, numerous spelling and grammar errors in the message could tip people off to the danger.

"In the libraries of OS Windows(r) critical errors have been found," reads the e-mail message that contains the Trojan horse attachment. "This errors lead to destruction of the system files from your computer without an opportunity on restoration."

The attached executable file, named Windowsupdate.rar, appears to be a Windows archive file, a format used to install code on PCs. Antivirus company Symantec said the file is not listed in the virus database, so it's unclear whether the file is a virus, a prank or any other kind of attack.

"Microsoft is aware of a possible threat by which a person sends an e-mail claiming to be from Microsoft and enticing users to download Windows updates in the form of an attachment in the email," Debby Fry Wilson, director of Microsoft's security response center, said in a statement. "Initial investigations from Microsoft and third parties have found that there is no malicious payload associated with this attachment at this time, and Microsoft is not aware of any customer impact."

The scam is common enough that the software giant has created a Web page to answer Windows' users questions. The company notes on that Web site that it never sends updates as attachments to e-mail messages.

"We never attach software updates to our security e-mail notifications," the software giant stated on its site. "Rather, we refer customers to our Web site for complete information on the software update or security incident."

The software maker typically delivers patches through its Windows Update service, or through downloads from its Web site.

See more CNET content tagged:
attachment, trojan horse, Microsoft Corp., e-mail, security

Add a Comment (Log in or register)
Server Confirmation
by tharcod January 27, 2005 10:59 AM PST
The issue here is that anyone can send a message claiming to be from Microsoft.com.

If your server obeyed SPF, this message shouldn't reach your inbox.
Reply to this comment
Server Confirmation
by tharcod January 27, 2005 10:59 AM PST
The issue here is that anyone can send a message claiming to be from Microsoft.com.

If your server obeyed SPF, this message shouldn't reach your inbox.
Reply to this comment
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets

Market news, charts, SEC filings, and more

Related quotes

Microsoft (0.00%) 0.00 28.52
Dow Jones Industrials (0.00%) 0.00 10,023.42
S&P 500 (0.00%) 0.00 1,069.30
NASDAQ (0.00%) 0.00 2,112.44
CNET TECH (0.00%) 0.00 1,538.38
  Symbol Lookup
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET