Fake Microsoft emails hide Trojan spy

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!


Fake Microsoft emails hide Trojan spy
May 30, 2006
Veronique De Freitas
Fake emails that claim to offer security advice from Microsoft are
cloaking the presence of a password-stealing Trojan horse, security
experts have warned.

The bogus emails claim to come from 'patch@microsoft.com' with the
warning that a hole has been found in the Microsoft WinLogon service
that could 'allow a hacker to gain access to an unpatched computer'.

However, if you click on a link in the email to download the patch you
will actually be redirected to a non-Microsoft website that downloads
the BeastPWS-C Trojan horse, which is a keylogger capable of spying on
your system and stealing passwords.

"People are slowly learning that Microsoft does not email out security
fixes as attachments, but they must also learn to be careful of blindly
clicking on links to download fixes without checking that the email is
legitimate," said Graham Cluley, senior technology consultant at

According to Sophos, when first installed the Trojan horse displays a
message, which says: 'Microsoft WinLogon Service successfully patched',
when in fact it is secretly logging keystrokes and sending them to the
hacker's email address.

Mr Cluley added: "The hackers are playing a dangerous game, because if
Microsoft finds out who is responsible for besmirching its name, it's
more than likely to throw the full force of the law at them. Security
is becoming a hot topic for the software giant, and it doesn't want
malware and spam to sully its public image through this kind of
criminal activity."
Related articles:
Fly over UK cities with Local Live
Microsoft releases Vista specs
Microsoft launches 'Insider Club'
World Cup email is a Trojan
Trojans on the increase
Microsoft fixes more Windows flaws

Site Timeline