James O'Neill's Blog

October 10, 2008

Never, ever run executables which arrive unexpectedly by mail.

Filed under: Security and Malware — jamesone111 @ 10:12 am

I had this waiting for me on my home PC this morning.

From: Microsoft [mailto:customerservice@microsoft.com]
Sent: 10 October 2008 02:25
To: {My home account}
Subject: Security Update for OS Microsoft Windows

Dear Microsoft Customer,

Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions:

Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.

Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.

Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.

As your computer is set to receive notifications when new updates are available, you have received this notice.

In order to start the update, please follow the step-by-step instruction:

1. Run the file, that you have received along with this message.

2. Carefully follow all the instructions you see on the screen.

If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.

We apologize for any inconvenience this back order may be causing you.

Thank you,

Steve Lipner

Director of Security Assurance

Microsoft Corp.


Version: PGP 7.1

Now there are a number of things which jump out and say THIS IS A FAKE, notably the greeting “Dear Customer” [someone who has your email address but not your name is suspicious for starters], the grammatical errors and clumsy English, and the incorrect names. Also, when you sign up for Windows Update, Microsoft don’t get your e-mail address. I give it a plausibility rating of about 3 out of 10. But this seems a good time to remind people: Never, ever run executables which arrive unexpectedly by mail. Outlook has blocked executables since about 2002, so I didn’t get to see what the file was – although it was named to make it look like a valid patch.

The same rules apply to mails which tell you to go to a web site and enter information. My bank, eBay and PayPal have all said much the same thing: “If we need you to do something on-line we will send you a mail which addresses you by name, and says go to the normal web site, log on normally and then follow these steps. Anything which says dear customer, click this link and enter private information is a fake.”

YOU probably know this already. By all means warn people about this specific mail, but it is far better to remind the people you know who might be taken in of these basic rules.
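Two of the tells described above, the generic greeting and the executable attachment, can be checked mechanically by a mail filter. The following is an added example, not part of the original post: the extension list, the greeting pattern, the sample messages and the attachment name are all constructed for illustration and are not Outlook's actual blocking rules.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Illustrative subset of extensions Windows will execute (assumption, not Outlook's list).
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js")
# "Dear Customer", "Dear Microsoft Customer", "Dear user" ... but not "Dear James".
GENERIC_GREETING = re.compile(
    r"^\s*dear\s+(\w+\s+)?(customer|user|client|member)\b", re.I | re.M)

def phishing_indicators(raw_message):
    """Return the list of warning signs found in one RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        # Strip trailing dots/spaces, which Windows ignores, so "x.exe." is caught;
        # endswith() also catches double extensions such as "notes.pdf.exe".
        if name and name.lower().rstrip(". ").endswith(EXECUTABLE_EXTS):
            findings.append("executable attachment: " + name)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    if GENERIC_GREETING.search(text):
        findings.append("generic greeting")
    # The From: header is deliberately not checked: it is sender-supplied text.
    return findings

def build_sample(greeting, attachment_name=None):
    """Build a constructed test message; returns its serialized form."""
    m = EmailMessage()
    m["From"] = "Microsoft <customerservice@microsoft.com>"
    m["To"] = "someone@example.com"
    m["Subject"] = "Security Update for OS Microsoft Windows"
    m.set_content(greeting + "\n\nPlease follow the step-by-step instruction.\n")
    if attachment_name:
        m.add_attachment(b"MZ", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_string()

if __name__ == "__main__":
    fake = build_sample("Dear Microsoft Customer,", "UPDATE-PLACEHOLDER.exe")
    genuine = build_sample("Dear James,")
    print(phishing_indicators(fake))
    print(phishing_indicators(genuine))
```

A message that passes both checks is not thereby trustworthy; these checks only flag the cheap, obvious cases.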

This post originally appeared on my technet blog.
