BeastPWSC Trojan horse steals passwords from infected users

Sophos have warned of a spammed email campaign which claims to be security advice from Microsoft, but actually tries to encourage users to install a keylogger onto their computers.

The spammed emails, which have the subject line "Microsoft WinLogon Service Vulnerability Issue" and purport to come from [email protected], claim that a vulnerability has been found "in the Microsoft WinLogon Service" and could "allow a hacker to gain access to an unpatched computer".

Recipients are advised to click on a link in the email to download the patch. However, the link really points to a non-Microsoft website and initiates the download of the Troj/BeastPWS-C Trojan horse, which is capable of spying on the infected user and stealing passwords. Bogus Microsoft security warning leads to malware

Linked by shanmuga Thursday, 1st June 2006 2:22AM