Bill Gates, who ruled the computer industry for a long time after introducing Windows through Microsoft and left his mark on the lives of most, if not all, of those who have used its software, has finally stepped out of Microsoft management for good (for real this time). Even as that news was still warm and getting out into the wild, the security provider Websense detected and reported another attack on the software giant: a fake OS patch that claims to address some vulnerabilities in Microsoft software. The supposed patch redirects users to a malicious web page that installs malware on the unsuspecting user's computer.
“It’s a deception attack, where it is made to look like a Microsoft update and the user has to take action, rather than an exploit where the user gets infected without saying yes to the download,” Hubbard said. (Hubbard is a Chief Technology Officer at Websense.)
Most seasoned users of Microsoft products know that the company does not send notifications of software patches through email; patching is handled by its AutoUpdate system, which automatically does all the work for you (even without you, since some updates are unstoppable if you have your system in automatic mode). Any unsuspecting user who clicks the “Yes” button to get the supposed update gets a backdoor program installed instead, without any warning. The wide-open door can then be used by hackers to obtain information about the user or even to take over the victim's computer as another minion in the never-ending battle between malware and security experts. The hackers managed to get around spam filtering systems by using a redirection path that points the browser to the web site of the US Secret Service, which is a sure sign of more devious acts to come.
The sophistication of hackers and their knowledge of how to circumvent security remain a real threat to all of us who use the internet each day.
Source: SC Magazine