MoMusings

Wednesday 31st May, 2006


Microsoft Malware and Anti-Malware

Filed under: All, Malware, Exploits, Tools

It’s a Microsoft themed posting today, I hope Bill is pleased ;-)

First we have a new Microsoft patch being sent via e-mail for a new vulnerability, or so you are led to believe. Details below:

Here is a screenshot of the e-mail:




Screenshot courtesy of SOPHOS.


If you are naive enough to believe that Microsoft send patches out via e-mail, then you are the sort of person that would also have infected your computer with Swen when it used the same trick to great effect.

The web link [URL] shown in the e-mail is not where you will go if you are gullible enough to click on the link and download the ‘alleged’ patch.

This uses the same phishing-like trick that I mentioned the other day.

It seems that once more the Bad Guys and Gals are trading tricks to help them get you to infect your computer or disclose personal data. Once you have clicked on the link and executed [run] the downloaded file, which is a Trojan horse, the install will display the following bogus message:

“Microsoft WinLogon Service successfully patched.”

In reality the Trojan is now secretly logging all your keystrokes and sending them to an email address belonging to the Bad Guys and Gals that created it.

The good news is that the website being used to home the Trojan has been taken down, so if you haven’t yet infected yourself you’ve missed your chance with this one ;-)

Oh, and just in case you didn’t know, there is no such vulnerability and even if there were Microsoft don’t send patches to customers via e-mail like this, got it?

Oh yes I nearly forgot, here is a link to the description of the Trojan itself, known as BeastPWS-C.

Microsoft OneCare Launched Today:

The much vaunted [by Microsoft] ‘OneCare’ service launches today. ‘OneCare’ is the new anti-malware offering from Microsoft which includes anti-virus and anti-spyware services for home users.

Not surprisingly existing anti-virus and security vendors are jumping on the bandwagon. Just to steal a bit of Microsoft’s thunder on launch day of ‘OneCare’, McAfee is launching their own similar service, named ‘Falcon’.

Symantec are also planning a similar service which they were going to name ‘Genesis’, however their service is delayed and has also been renamed to ‘Norton 360’.


Please note that this blog has now moved to my own hosted domain here: http://momusings.com/momusings/.
A full RSS/ATOM feed can be found there.

All the data up to the end of December 2006 will be left here, however all postings from the 1st of January 2007 onwards will only be available at this blog's new home.
ALL future postings will only be available at the new site.
