If you get this email, just delete it.
WASHINGTON (AFP) – A mass e-mail being circulated by hackers purporting to be a Microsoft Windows update alert directs computer users to a fake website where a Trojan virus is installed, security experts said.
The security firm Websense said it began receiving reports this week of the e-mail claiming to be from Microsoft, coincidentally after the software giant announced it was making security updates.
“This e-mail spoofs users into thinking that they must update their Windows software,” Websense said.
“Upon clicking on the link, users are forwarded to a fraudulent website. This website is hosted in Australia, and was up at the time of this alert. The website appears very similar to the real Windows Update site.”
But when a user attempts to perform the update, a Trojan horse virus is installed that allows hackers access to the infected computers, the company said.
The British-based security firm Sophos also issued a warning about the scheme.
“This criminal campaign exploits the public’s rising paranoia about the security of their Windows computers. If users fall for it they may put themselves at risk of being spied upon or having their credit card and online banking details stolen,” said Graham Cluley, senior technology consultant for Sophos.
“We have long recommended that computer users keep up-to-date with the latest security patches, as Microsoft vulnerabilities are often exploited by viruses, worms and hackers. But users must be very careful to be sure they are going to the official update websites, rather than just following links in emails which have been sent by hackers.”