NooNoo
October 10th, 2008, 04:27 AM
Received one this morning
DO NOT INSTALL IT - MICROSOFT NEVER EMAILS UPDATES.
The email appears to be from Microsoft Official Update Center <customerservice@microsoft.com> but is actually from Return-path: <2jz0od@hotmail.com> when you look at the header.
The email subject is Security Update for OS Microsoft Windows
The attachment is called KB289408.exe
The body of the email reads:
Dear Microsoft Customer,
Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.
Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.
Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.
As your computer is set to receive notifications when new updates are available, you have received this notice.
In order to start the update, please follow the step-by-step instruction:
1. Run the file, that you have received along with this message.
2. Carefully follow all the instructions you see on the screen.
If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.
We apologize for any inconvenience this back order may be causing you.
Thank you,
Steve Lipner
Director of Security Assurance
Microsoft Corp.
While the grammar (and one spelling mistake) is awful, it is just long enough for people to skim read it and not notice and then possibly try and install it.
No, I haven't installed it so I don't know what the payload is... the fact that my anti-virus went nuts is enough knowledge for me :)
This is particularly annoying as I have just convinced a few hold-out customers that Windows updates are a good thing - so I am going to be on the phone for most of the morning....
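Added example, not part of the original post: a short Python triage check for the two indicators described above, a From domain that differs from the Return-path domain and an executable attachment. The sample message is constructed from the header values quoted in the post (the body and attachment bytes are dummies), and the extension list and the function names are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed list of attachment extensions worth flagging; extend as needed.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat")

# Constructed sample: headers taken from the post, attachment payload is a dummy.
SAMPLE = """\
Return-Path: <2jz0od@hotmail.com>
From: Microsoft Official Update Center <customerservice@microsoft.com>
Subject: Security Update for OS Microsoft Windows
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear Microsoft Customer,
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="KB289408.exe"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def triage(raw):
    """Return a list of findings for one raw RFC 822 message."""
    msg = message_from_string(raw)
    findings = []
    from_dom, rp_dom = domain(msg["From"]), domain(msg["Return-Path"])
    # The displayed sender and the envelope sender disagree.
    if from_dom and rp_dom and from_dom != rp_dom:
        findings.append(f"sender-mismatch: From={from_dom} Return-Path={rp_dom}")
    # Any MIME part whose filename ends in a risky extension.
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            findings.append(f"executable-attachment: {name}")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

A domain mismatch on its own also occurs in legitimate bulk mail sent through third-party services, so treat it as a signal to combine with the attachment check rather than a verdict.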