BBC Home
Explore the BBC
BBC News
Launch consoleBBC NEWS CHANNEL
Last Updated: Friday, 8 April, 2005, 14:12 GMT 15:12 UK
Warning over fake Windows update
Screengrab of Microsoft security site, Microsoft
Microsoft has advice about how to spot fake updates
Users are being warned to watch out for a fake Microsoft security update.

Circulating as an e-mail the fake message points people at a bogus website that claims to host critical security updates.

But anyone downloading from the site will get a virus installed that opens a backdoor into their computer the program's creators can exploit.

Security firms and Microsoft urged users to ensure they visit legitimate sites when downloading updates.

Fake sites

Anti-virus firm Sophos spotted the e-mail which uses subject lines saying "Urgent Windows Update" and "Important Windows Update"

In the body of the message is a web link that looks like it should link to the Windows Update website but in fact links to a site controlled by the malicious hackers.

Install anti-virus software
Keep your anti-virus software up to date
Install a personal firewall
Use Windows updates to patch security holes
Do not open e-mail messages that look suspicious
Do not click on e-mail attachments you were not expecting

Anyone downloading the fake update on the bogus webpage will have their computer infected with the DSNX-05 trojan.

This opens a backdoor into the PC that could be exploited by the creators of the malicious program.

Anyone falling victim to this could leave computer owners vulnerable to identity theft or having their computer used to send spam, attack other sites or host dubious material.

Microsoft said it only sent e-mails about security updates and incidents to those that have explicitly asked to be sent them.

Also it said it never sends out information about security problems before its website has been updated with information about problems.

This means that if users cannot find information about security problems mentioned in an e-mail on the Microsoft site, they should be suspicious of the message.

Microsoft also urged users to type in the name of the website they are trying to reach rather than use a hyperlink as these can hide spoof websites.

"Users must be very careful to be sure they are going to the official update websites, rather than just following links in emails which have been sent by hackers," said Graham Cluley, senior technology consultant at Sophos.

Microsoft plans 'safer ID' system
30 Mar 05 |  Technology
Anti-spam laws bite spammer hard
01 Apr 05 |  Technology
Security scares spark browser fix
16 Feb 05 |  Technology
Hi-tech crime costs UK plc 2.4bn
05 Apr 05 |  Business
Microsoft releases bumper patches
09 Feb 05 |  Technology
'Geek speak' confuses net users
06 Apr 05 |  Technology

The BBC is not responsible for the content of external internet sites


News Front Page | World | UK | England | Northern Ireland | Scotland | Wales | Politics
Business | Entertainment | Science/Nature | Technology | Health | Education
Have Your Say | Magazine | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific