Skip to main content

Bogus Microsoft security warning

Sophos has issued an alert over a bogus Microsoft security warning that - you guessed - contains a Trojan that steals data using a keylogger applications.

According to Sophos, the spammed emails, which purport to come from, claim that a vulnerability has been found 'in the Microsoft WinLogon Service' and could 'allow a hacker to gain access to an unpatched computer.'

Recipients are advised to click on a link in the email to download the patch. However, the link really points to a non-Microsoft Web site and initiates the download of the BeastPWS-C Trojan horse, which is capable of spying on the infected user and stealing passwords.

Graham Cluley, Sophos' senior technology consultant (fx: doffs hat, for it is the man) said that people are slowly learning that Microsoft does not email out security fixes as attachments.

"But they must also learn to be careful of blindly clicking on links to download fixes without checking that the email is legitimate," he said, adding that, in the case of this email, the hackers made a mistake by referring to 'Microsoft Coorp' rather than 'Microsoft Corp.'

El Cluley recommends that users visit Microsoft's Web site at for information about Microsoft security patches...