Bogus Microsoft Security Warning Leads To Thieving Malware
Posted on 30 May 2006.
Experts at SophosLabs, Sophos's global network of virus, spyware and spam analysis centres, have warned of a spammed email campaign which claims to be security advice from Microsoft, but actually tries to encourage users to install a keylogger onto their computers.

The spammed emails, which purport to come from, claim that a vulnerability has been found 'in the Microsoft WinLogon Service' and could 'allow a hacker to gain access to an unpatched computer'.

Recipients are advised to click on a link in the email to download the patch. However, the link really points to a non-Microsoft website and initiates the download of the BeastPWS-C Trojan horse, which is capable of spying on the infected user and stealing passwords.

When first installed the Trojan horse displays a bogus message, which reads: 'Microsoft WinLogon Service successfully patched'. In actual fact, the malware is secretly logging keystrokes and sending them to an email address belonging to the hacker.

"People are slowly learning that Microsoft does not email out security fixes as attachments, but they must also learn to be careful of blindly clicking on links to download fixes without checking that the email is legitimate," said Graham Cluley, senior technology consultant at Sophos. "In this case, the hackers made a mistake by referring to 'Microsoft Coorp' rather than 'Microsoft Corp', but it's possible that users would miss that typo in their rush to protect themselves."

Sophos recommends that users visit Microsoft's website at for information about Microsoft security patches.

"The hackers are playing a dangerous game, because if Microsoft finds out who is responsible for besmirching its name, it's more than likely to throw the full force of the law at them," continued Cluley. "Security is becoming a hot topic for the software giant, and it doesn't want malware and spam to sully its public image through this kind of criminal activity."

Sophos has been protecting against the BeastPWS-C Trojan horse since 12:28 GMT, Monday 29 May, 2006 and has automatically updated customers.

Sophos advises that companies put in place a consolidated solution to defend against viruses, spyware and spam, and ensure that it is automatically updated as new threats emerge.


DMARC: The time is right for email authentication

Posted on 23 January 2015.  |  The DMARC specification has emerged in the last couple years to pull together all the threads of email authentication technology under one roof—to standardize the method in which email is authenticated, and the manner in which reporting and policy enforcement is implemented.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Jan 26th