April 06, 2005
Windows Update Phishing

I don't know why it took so long for this to show up in my inbox, but this phishing trick is sure to con a ton of folks into probably handing their computers over to a "bot net." Here's the message (which I viewed only after checking the source code to see that the message, itself, did no harm):
On the surface (except for formatting that doesn't really look as good as Microsoft might produce, even when viewed on a Windows machine), it appears to come from Microsoft. It even has the little arrow icon from the genuine Windows Update page (the image files really come from Microsoft's site). But a quick peek under the hood (as Spam Wars readers know) reveals that the message did not originate from Microsoft, nor does the link really lead to Microsoft. Instead, the link goes to a numeric IP address hosted in China.
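The "peek under the hood" described above can be automated. The following is an added example, not code from the original post: it parses an HTML message body, flags links whose host is a bare IP address or lies outside the claimed sender's domain, and lists images borrowed from the genuine site. The sample body, the image path and the 192.0.2.10 address are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkAudit(HTMLParser):
    """Collect (href, visible text) for each <a> and the src of each <img>."""
    def __init__(self):
        super().__init__()
        self.links, self.images, self._href, self._text = [], [], None, []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._href, self._text = attrs["href"], []
        elif tag == "img" and attrs.get("src"):
            self.images.append(attrs["src"])
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def on_domain(url, domain):
    host = (urlsplit(url).hostname or "").lower()
    return host == domain or host.endswith("." + domain)

def audit(html, claimed_domain):
    """Flag links leaving the claimed sender's domain; list images borrowed from it."""
    parser = LinkAudit()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        try:  # a host that parses as an IP address is the trick described in the post
            ipaddress.ip_address(urlsplit(href).hostname or "")
            findings.append(("ip-literal-link", href, text))
        except ValueError:
            if not on_domain(href, claimed_domain):
                findings.append(("off-domain-link", href, text))
    borrowed = [s for s in parser.images if on_domain(s, claimed_domain)]
    return findings, borrowed

# Constructed sample body; 192.0.2.10 is an RFC 5737 documentation address.
SAMPLE = """<img src="http://www.microsoft.com/example/arrow.gif">
<a href="http://192.0.2.10/update/">Windows Update</a>
<a href="http://www.microsoft.com/security/">Microsoft Security</a>"""

if __name__ == "__main__":
    print(audit(SAMPLE, "microsoft.com"))
```

A message that borrows images from the real site while its call-to-action link resolves to an IP literal matches the pattern in this post. Genuine images in a message say nothing about where its links lead.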
I don't know what happens when you visit that link. Fortunately (perhaps), the URL is unavailable (I have safe ways to check). But it could be that the site is under attack from the very recipients of the spam message—so many recipients are clicking the link that the site is inundated. In any case, I wouldn't expect anything good to come from a successful connection with this site. I also expect a lot more lookalike messages to arrive. They're phishing not for your identity (directly, anyway), but for your computer and your Internet connection. If they plant a keylogger into your system, they'll get your identity and/or online bank account eventually.
Pick up the phone and tell your friends.
UPDATE: At least one of the major antivirus firms has confirmed that these phony Windows Update sites install what is known as a backdoor Trojan, which means your computer becomes a slave to a different master.
Posted on April 06, 2005 at 01:59 PM