[ insider_reports_insider ]
Fake Microsoft Email Carries A Trojan
David Utter
Staff Writer
2006-05-30
 Insider Reports RSS Feed
An email circulating on the Internet claims to contain a patch for the WinLogon service in Microsoft Windows, but instead delivers an unwelcome payload.
 | | Fake Microsoft Email Carries A Trojan |  |
The spyware Trojan Troj/BeastPWS-C detailed by the Sophos security firm arrives by email. The message claims the file is necessary to fix an issue with WinLogon.
Instead, it is a keylogger that attempts to place a DLL component into Internet Explorer. That DLL captures keystrokes made on the PC and emails them to a remote address. The Trojan also communicates with a remote URL via HTTP.
After installation, the Trojan displays the message, "Microsoft WinLogon Service successfully patched," Sophos noted in an assessment of the Trojan's actions. It also makes changes to the registry to launch on startup and to prevent other software from starting automatically.
A ZDNet report said the email carries a fake return address of patch@microsoft.com.
But Microsoft said the problem cited by the email does not exist. A company spokesperson said in the report that it is investigating the email and people who receive it in their inboxes should discard the message.
---
Tags: Microsoft, Trojan
Add to  Del.icio.us |  Digg |  Yahoo! My Web |  Furl
Get all the updates in RSS: 
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
