Faked Windows Update injects Trojan

The German I.T. Publisher heise.de informs readers about a warning issued by security expert Sophos and others. Accoriding to Sophos, hackers currently try to access PCs by sending faked security emails, that pretend to be authored by the Windows Update Service update@microsoft.com. Subjects may include "Urgent Windows Update",

"Important Windows Update" or "Update your windows machine" and try to guide users to a faked but very realisitc website to install a trojan virus, embedded in a "so called" update "Wupdate-20050401.exe".

Please remember that no major software vendor, including Microsoft, issue security warnings in this way or send unsolicitated emails. It is recommended to always keep your antivirus and firewall software always up-to-date. Do not install programs or updates recommended by emails. Always double-check on official company websites.

More Information : http://www.sophos.com/virusinfo/articles/fakemsupdate.html, http://www.heise.de/security/news/meldung/58395