Windows Update a Phish Tale

Monday, November 5, 2012 @ 02:11 PM gHale


There is a nifty phishing page on a website called microsofts.us that is very good at snaring victims, said researchers at GFI Labs.

When a victim goes to the site, after they succumb to a spam attack, users see a message which reads: “Your computer is out of date and risk is very high. To update your windows installation records you are required to choose your email address below.”

RELATED STORIES
Cloud Ripe for Botnet Attacks
Cloud Confusion: Data Ownership
VMware Cloud Security Issue
Security Holes in Cloud Storage

After victims provide their email addresses and associated passwords, they end up seeing a page that contains instructions on how to update Windows.

The instructions are not malicious, but at this point, the user’s credentials are safely stored in a database controlled by the cyber criminals.

The site is currently under watch as being malicious by browsers and security solutions providers, and officials removed the webpage in question.

Just because that page is gone, it does not mean the attack is through. That means users need to be on top of their game because these phishers can easily relocate the page.



Leave a Reply

You must be logged in to post a comment.