James O'Neill's blog

Windows Platform, Virtualization and PowerShell with a little Photography for good measure.

Never, ever run executables which arrive unexpectedly by mail.


I had this waiting for me on my home PC this morning.

From: Microsoft [mailto:customerservice@microsoft.com]
Sent: 10 October 2008 02:25
To: {My home account}
Subject: Security Update for OS Microsoft Windows

Dear Microsoft Customer,

Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions:

Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.

Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.

Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.

As your computer is set to receive notifications when new updates are available, you have received this notice.

In order to start the update, please follow the step-by-step instruction:

1. Run the file, that you have received along with this message.

2. Carefully follow all the instructions you see on the screen.

If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.

We apologize for any inconvenience this back order may be causing you.

Thank you,

Steve Lipner

Director of Security Assurance

Microsoft Corp.

-----BEGIN PGP SIGNATURE-----

Version: PGP 7.1

Now there are a number of things which jump out and say THIS IS A FAKE, notably the greeting “Dear Customer” [someone who has your email address but not your name is suspicious for starters], the grammatical errors and clumsy English, and the incorrect names. Also the fact that when you sign up for Windows Update, Microsoft don’t get your e-mail address. I give it a plausibility rating of about 3 out of 10. But this seems a good time to remind people: Never, ever run executables which arrive unexpectedly by mail. Outlook has blocked executables since about 2002 so I didn’t get to see what the file was – although it was named to make it look like a valid patch.

The same rules apply to mails which tell you to go to a web site and enter information. My bank, eBay and PayPal have all said much the same thing. “If we need you to do something on-line we will send you a mail which addresses you by name, and says go to the normal web site, log on normally and then follow these steps. Anything which says dear customer, click this link and enter private information is a fake.”

YOU probably know this already. By all means warn people about this specific mail, but it is far better to remind the people you know who might be taken in of these basic rules.
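The warning signs named above (a generic greeting, an executable attachment, and a body telling you to run it) can be checked mechanically. The following is an added example, not code from the original post; the extension list, regular expressions, addresses and attachment name are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed extension list for this example; not Outlook's actual block list.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# "Dear Customer", "Dear Microsoft Customer", "Dear user", ...
GENERIC_GREETING = re.compile(
    r"^\s*dear\s+(\w+\s+)?(customer|user|member|client)\b", re.I | re.M)
RUN_ATTACHMENT = re.compile(
    r"\b(run|open|execute|install)\s+the\s+(file|attachment)\b", re.I)


def triage(raw_message: str) -> list[str]:
    """Return the warning signs found in one RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # Only the final extension counts, so "notes.pdf.exe" is still flagged.
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in EXECUTABLE_EXTS:
            findings.append(f"executable attachment: {name}")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    if GENERIC_GREETING.search(text):
        findings.append("generic greeting")
    if RUN_ATTACHMENT.search(text):
        findings.append("body asks the reader to run the attachment")
    return findings


def build_sample(body: str, filename: str) -> str:
    """Build a constructed test message with one inert attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content(body)
    msg.add_attachment(b"inert placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_string()


if __name__ == "__main__":
    fake = build_sample("Dear Microsoft Customer,\n\n1. Run the file, that you "
                        "have received along with this message.\n",
                        "update-PLACEHOLDER.exe")
    print(triage(fake))
```

A message that trips none of the checks is not thereby safe; the checks only surface the signs listed in this post.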

Comments
  • When it's supposed to fix just about every Windows operating system [or those that some people may still use] you know it's a fake Email.

    I like the line "we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users". OK. What's so private if all OS users are getting it? :-)

    Unfortunately for those who have friends and family that are novices, they may think it's real....

  • Do we know if any A/V is picking up the executable yet? And if so, what it's being called?

    Thanks.

  • Addition to my last post, according to this link:

    http://blog.mxlab.be/2008/10/10/security-update-for-os-microsoft-windows/

    The following vendors identify it as:

    known by Sophos as Mal/EncPk-CZ

    and by F-Secure as Trojan-Spy.Win32.Goldun.bce.
