Phishing Scam Targets Windows Update

Filed under: Microsoft, Security

A phishing scam impersonating the Windows Update Service hit Australia yesterday. It was designed not only to emulate the update page perfectly, but also to evade current antivirus, anti-spyware and anti-adware programs.

The spam e-mail directs users to a page that pulls graphics from the Microsoft.com Web site and then recreates the page asking users to download a Windows update that is actually a malicious .exe file.

Director of SurfControl, Charles Heunemann, said the company discovered the virus late last night and that current heuristics and signatures used by core antivirus vendors are not picking up the malicious code.

"We are still trying to get to the bottom of it," Heunemann said.

"It is not a malicious attack for network resources but appears to send a message to the Internet advertising itself as a zombie machine - we think the .exe file pulls other code to turn the machine into a spamming server.

"The actual e-mail looks like a Microsoft e-mail but I don't think it is the practice for Microsoft to ask users to update their operating system by launching a link from an e-mail."

The virus, titled Wupdate-20050401, installs an executable file into the Windows directory and adds a startup service. While running, the program consumes 100 percent of the CPU by forcing it to perform continuous processing.

Microsoft security product manager Ben English said this is just one of many scams they are currently monitoring, adding that it is not unique.

"There are effective defences against these types of scams and we advise users to follow some simple guidelines," English said.

"Microsoft is aware of the SurfControl notice regarding the spoofing scam of Windows update and our advice to customers remains the same.

"Microsoft never attaches software updates to our security e-mail notifications; we never send notices about security updates or incidents until after we publish information about them on our Web site and if you suspect that an e-mail message is not legitimate, do not click any hyperlinks within it."

Sophos' Asia Pacific head of technology, Paul Ducklin, was aware of the program in question and said that, despite all the technology in the world, user education and informed decisions by users will always be the best means of stopping malware.

"Even if all other defences are down, with Trojan malware if a person doesn't click on it, it won't work - they all involve, to some extent, collaboration with users," Ducklin said.

"Three ways to block them include having software to prevent a suspicious program, using programs at the gateway to block .exe files and of course user education and information."

    A flaw in Microsoft Word took the tech giant so long to fix that hackers were able to use it to send fraud software to millions of computers, it has been revealed. The security flaw, officially known as CVE-2017-0199, could allow a hacker to seize control of a personal computer with little trace, and was fixed on April 11 in Microsoft's regular monthly security update - nine months after it was discovered.