Darknet - The Darkside » BeastPWS-C http://www.darknet.org.uk Ethical Hacking, Penetration Testing & Computer Security Thu, 18 Mar 2010 08:50:21 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 Fake Microsoft Patch – BeastPWS-C http://www.darknet.org.uk/2006/05/fake-microsoft-patch-beastpws-c/ http://www.darknet.org.uk/2006/05/fake-microsoft-patch-beastpws-c/#comments Wed, 31 May 2006 03:32:08 +0000 Tiago Faria http://www.darknet.org.uk/2006/05/fake-microsoft-patch-beastpws-c/ If you receive a e-Mail alert of a new patch for your Windows XP OS, think again before opening the link present on the message.

The spammed emails, which purport to come from patch@microsoft.com, claim that a vulnerability has been found ‘in the Microsoft WinLogon Service’ and could ‘allow a hacker to gain access to an unpatched computer’.

The link on the e-Mail will redirect to a non-Microsoft site where you will download a trojan named BeastPWS-C, “which is capable of spying on the infected user and stealing passwords.”

When first installed the Trojan horse displays a bogus message, which reads: ‘Microsoft WinLogon Service successfully patched’. In actual fact, the malware is secretly logging keystrokes and sending them to an email address belonging to the hacker.

Well, I wouldn’t mind receiving this ‘Microsoft’ e-Mail and mail-bomb that looser’s e-Mail address (yeah, the good old mail-bomb attack still works).

For future reference, people need to remember that Microsoft doesn’t send hotfixes using attachments and not to deploy this patch on their WSUS servers.

Source: NHS

Post to Twitter Post to Delicious Post to Digg Post to Facebook Post to StumbleUpon

]]> http://www.darknet.org.uk/2006/05/fake-microsoft-patch-beastpws-c/feed/ 0