On the day that Microsoft announced details of its next round of monthly patches, fraudsters have sent out a wave of emails disguised as messages from the software behemoth in a bid to take control of thousands of computers.
The emails contain bogus news of a Microsoft update, advising people to open a link to a Web site and download a file that will secure and 'patch' their PCs. The fake Web site, which is hosted in Australia, looks almost identical to Microsoft's and the download is actually a Trojan horse — a program that can give hackers remote control of a computer.
"The email won't be picked up through anti-spyware software because the file does not contain spyware signatures that would be used to identify it as potentially harmful," said Martino Corbelli from SurfControl. "Anti-spyware software tends to scan URLs and attachments in suspicious emails, but because none of the recognised spyware signatures are present here, there's no way this approach could identify the threat."
SurfControl said that the Trojan advertises an infected computer to hackers so it can become part of a botnet — a network of thousands of hacker-controlled computers typically used for illegal activity, such as spamming.
The Trojan installs an executable file into the Windows directory. When it is running, the program takes up all the processing power of an infected computer by forcing it to perform continuous tasks.
Microsoft said on Friday that it is looking into the situation.