Malicious Website/Malicious Code: Fake Microsoft 'explorer.exe' Security Patch


WebsenseŽ Security Labs has received reports of a email scam disguised as a Microsoft Security Update for Explorer.exe. Users receive a spoofed email message instructing them to click on a link to immediately download and install a bugfix from Microsoft. The link in the email takes the user to a fraudulent website, designed to appear as the legitimate Microsoft Windows update site. The security update hosted on this page is actually a backdoor Trojan horse. Upon execution, the backdoor sends an HTTP request with the IP address of the infected computer and then waits for a connection from the malware author.

The site hosting the malicious file is in the United States, the site where the IP address is reported is hosted in Germany. Both were online at the time of this alert. WebsenseŽ - Security Labs Alert: Fake Microsoft 'explorer.exe' Security Patch

Linked by shanmuga Saturday, 12th November 2005 9:17PM