Hackers take advantage of Microsoft security bulletins to spread malware
Tuesday, December 8, 2009
In the wake of highly publicized security alerts from software giant Microsoft, online criminals have used the wave of public interest to push malicious software on an unsuspecting public.
The malicious emails take the usual form: A message from an authoritative source - in this case, Microsoft director of security assurance Steve Lipner - warns that security updates must be installed to ensure the security of the targeted PCs. The "updates" turn out to be malware.
However, while there are frequently a few tell-tale signs that an email is malicious, this campaign gives the game away several times, misspelling the names of Windows products and presenting erroneous technical details. Sophos labs also notes that the malware included in the email was detected immediately and failed to run on a test system.
The technique of using current events in general, and even Microsoft updates in particular, is not a new one for online malware purveyors, as a similar attack was launched last year. Experts say that it is almost always a bad idea to click on links in unsolicited email.
Related News:
Conficker still a threat to web security - 3.18.2010
The Conficker worm was by far the most notorious piece of malware in 2009 for several reasons. Not only did it receive media attention and infect more computers than any other strain, according to Katonda, a business technology website, it reminded web security professionals of bygone days when major epidemics were the norm.
Network security update not responsible for crashes - 2.24.2010
Reports of the so-called "blue screen of death" following the installation of the latest Microsoft security update are the result of malware, not a defect in the update.
Botnets and Chuck Norris take aim at network security - 2.22.2010
Last week, word spread of the Kneber botnet compromising more than 2,000 computers worldwide. With the start of a new week comes more malware attacks plaguing the web community. The so-called "Chuck Norris" botnet is attacking routers and DSL modems by guessing commonly used passwords.
Web security company warns of scareware's risk - 2.19.2010
The rise in scareware attacks and cyber criminal behavior in general forced DynaSis, an IT services company, to issue a warning to its users about the threat of fake anti-virus software infecting their computers on Friday.
Age-old trick with brand-new target - 1.18.2010
Cyber criminals have turned to a scam from the early days of the internet to target the growing smartphone market: Trojan phone dialers.
|
