Some users of Microsoft Corp.’s Internet Explorer Web
browser have unknowingly become participants in a denial of service attack
launched on a Web site operated by the Bulgarian Telecommunications Co.
Microsoft has posted a message on its Web site warning IE users of the
“trojan horse” program that acompanies an e-mail messages sent out last
week using a forged Microsoft return address.
The fraudulent message, from IEsupport@microsoft.com, informs receipts that
IE contains bugs that can be fixed by running an included attachment. The
file is actually a trojan horse that, when executed, will launch a flood
from the user’s computer to the Web server operated by the BTC.
Experts attribute the attack to BTC’s recent entry into the Internet access
business. The BTC has taken down the site while operators are upgrading its
server software.
Microsoft reiterated that all security patches are distributed on its Web
site. The company said it never includes attachments in e-mail it sends to
users.