Microsoft Plug and Play Scam/Trojan Horse

Discussion in 'spyware news and general information' started by NICK ADSL UK, Nov 10, 2005.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,284
    Location:
    UK
    Websense® Security Labs™ has received reports of a new email scam disguised as a Microsoft Security Update for the recent Plug and Play vulnerability. Users receive a spoofed message requesting that they download a critical patch for MS-05-479 in order to be protected from hackers and viruses.

    Upon clicking the included URL they are directed to a fraudulent website hosted in Canada, which was up and running at the time of this alert. The site uses screenshots of the real Microsoft security update site. Included is a link to the patch which is a program called "plugandplayfix.exe". The website URL is hosted on a machine which appears to have been compromised and simply has an IP address followed by

    http://<IP-address-removed>/update.microsoft.com/windowsupdate/v6/plugandplayfix.exe

    Upon execution the Trojan Horse opens a backdoor on the machine, connects to an IRC channel, and modifies several system variables.
    http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=330
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.