Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Trojan ID Thieves Pose As Microsoft Patches

A pair of Trojans posing as Microsoft patches or updates are on the loose, security firms said Tuesday.

According to U.K.-based Sophos, the Trojan horse "BeastPWS-C" starts with a spoofed e-mail from Microsoft that claims a new vulnerability in the WinLogon Service is out and about. (WinLogon is the log-in service for Windows NT, 2000, and XP.) The spammed message includes a link to a purported patch.

"Please click the link below to download the patch and protect your computer against WinLogon attacks," the spam reads.

Users who click on the URL actually download the Trojan, not a patch. BeastPWS-C, said Sophos, logs keystrokes and sends them to a hacker's e-mail account.

"People are slowly learning that Microsoft does not e-mail out security fixes as attachments, but they also need to learn to be careful of blindly clicking on links to download fixes," said Graham Cluley, senior technology consultant at Sophos, in a statement.

  • 1