Fake Microsoft emails

by Shijaz Abdulla on 21.01.2007 at 17:52

Today I received a mail, supposedly from Microsoft, regarding a “security vulnerability”:

Click on the image to zoom

It had an EXE attachment “installation689.exe”. The message was written in the kind of language Microsoft uses to communicate with its customers – clear, courteous and concise explaining clearly what the update is for, etc. The first thing a novice (or even an intermediate) user would do, is to download the attachment and install the patch.

It even had the classic Microsoft footer:

Click on the image to zoom

Now, there are a few things that are revealed upon closer examination:

  • The “from” address is suspicious: Network Security Center [xclocltwp@confidence.microsoft.net]. (Hmmm…)

  • It addresses you as “MS” customer. It also uses terms like “MS Internet Explorer” and “MS Outlook”. Microsoft officially doesnt use “MS” to address itself :). (Hmmm Hmmm…)

  • Microsoft NEVER (never never ever) sends an update out to its customers as an email attachment.

  • Microsoft update files normally have a filename that start with the letters “KB” followed by the KB article number.

What a clever way to outwit the unsuspecting user! So those of you out there, beware of stuff that comes in your e-mail! Think twice before you run an EXE attachment.

From my experience, 9 out of 10 EXE attachments are viruses. Sometimes they appear to come from people you know, because they are actually sent by malicious programs that have already infected their machines.

Trackback Permanent Link

Leave a Reply