Phishing has taken a new turn. Instead of criminals directing people to fake bank sites, hackers instead set up their own bogus Microsoft site.

The site was full of bad stuff. In particular the DSNX-05 trojan. If downloaded the virus would allow the hackers to control the PC by remote control. Potential exists for botnets and denial of service attacks etc.

Users received the link via email. Purportedly coming from update@microsoft.com, (which was bogus), it featured such subject lines as "update your windows machine", "Urgent Windows Update".

The fake site was hosted in Canada, however that is not to say that the perpetrators were Canadians. The coming together of hackers and criminals means they might be spread across the globe. Alternatively it might have been some very sad but clever geek.

Graham Cluley, senior technology consultant for Sophos commented, "This criminal campaign exploits the public's rising paranoia about the security of their Windows computers. If users fall for it they may put themselves at risk of being spied upon or having their credit card and online banking details stolen."

The fake site, fairly obviously has been shut down. However it would not be difficult to set up a new one.

Microsoft is frequently is spoofed as the source of malicious e-mails. However the bad stuff is usually included in an attachment. The tactic of phishing seems to be a new development.

Microsoft is aware that it is a huge target. They do take measures to ensure that they are not the vehicle for bad guys. In the first instance, they only send messages to people who have explicitly asked for them. The emails themselves are usually devoid of attachments.

They also advise not to click on links in emails, but to type the address into a browser. This reduces the risk of spoofed addresses.

On a wider scale a firewall and anti-virus software is promoted.

Lastly Microsoft are continually trying to automate the update process from within Windows itself.

Related Articles
IE7 Only On XP SP2