
Fake MS updates

7 posts in this topic



Don't update via email! - Fake MS update

- http://securitylabs.websense.com/content/Blogs/3537.aspx

01.25.2010 - "... spammers seem ready to pounce on the press attention towards the recent out-of-band release of MS10-002 to scare users into downloading fake updates via email. We have been seeing messages pushing a Microsoft update via a link... The URL in the spam messages leads to a file called "update2010.scr" which currently has low detection rates*... The site hosting these fake updates is located in the Netherlands, and we have also seen that it's hosting the same file, under a different extension, called "update2010.exe". The icon of the file, once downloaded, is also believable... Remember that Microsoft won't ever send messages for Windows updates, so please don't download and run this file. This probably won't be the only lure of this kind, so be diligent and remember not to click on links from unsolicited emails..."

* http://www.virustotal.com/analisis/52d23aa981e825f8601d848ed882a37d8ed2d9c1173e69c2a8c9a7f2cc6335c4-1264441334

File update2010.scr received on 2010.01.25 17:42:14 (UTC)

Result: 7/40 (17.50%)


- http://www.microsoft.com/protect/fraud/phishing/Msname.aspx

... Microsoft does not send unsolicited communications about security updates

Microsoft sends e-mail messages to subscribers of our security communications when we release information about a security software update or security incident. Unfortunately, cyber criminals can and have sent -fake- security communications that appear to be from Microsoft. Some of these messages lure recipients to Web sites to download spyware or other unwanted software. Others include a file attachment that contains a virus.

How to help verify the legitimacy of a security-related e-mail

• Legitimate notifications do -not- include software updates as attachments. We -never- attach software updates to our security communications. Rather, we refer customers to our Web site for complete information about the software update or security incident.

• Legitimate notifications are also on Microsoft.com. We never send notices about security updates or incidents until after we publish information about them on our Web site. Check the Microsoft Security Updates page* to see whether the information is listed there.

* http://www.microsoft.com/security/updates/bulletins/default.aspx



Edited by apluswebmaster




Fake MS Security Update w/worm...

- http://www.pcworld.com/article/215491/worm_planted_in_fake_microsoft_security_update.html

Jan 4, 2011 - "... the malware crowd is exploiting Microsoft's routine of releasing fixes on Tuesdays and sending out fake security emails bent on infecting their targets with a worm... "Please notice that Microsoft company [sic] has recently issued a Security Update for OS Microsoft Windows," the fake notice reads in typical fractured prose. It then goes on to give instructions for installing the fake security file, KB453396-ENU.exe. "If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine," it explained..."

- http://nakedsecurity.sophos.com/2011/01/04/fake-microsoft-update-spreads-worm/

Jan 4, 2011 - "... With so much effort being taken by the cybercriminals to hoodwink unsuspecting computer users, though, you would have thought they would have not made an elementary mistake in their forged email header. The messages we've seen claim to come from no-reply@microsft .com . That's right. "microsft"..."






Virus Outbreak In Progress...

- http://www.ironport.com/toc/

Virus Outbreaks in the Last 24 Hours

(Last Updated: April 4, 2011) Trojan variant(s)...

Real-time Outbreak Details

- http://tools.cisco.com/security/center/threatOutbreak.x?currentPage=1&sortOrder=d&pageNo=1&sortType=d

Malicious Microsoft Security Update E-mail Messages...

- http://tools.cisco.com/security/center/viewAlert.x?alertId=22862

... spam e-mail messages that claim to contain a security update for Microsoft Windows. The text in the e-mail message instructs the recipient to follow a link to receive the update. However, the link directs users to a malicious .exe file that, when executed, attempts to infect the recipient's system with malicious code... sample of the e-mail message that is associated with this threat outbreak:

"Subject: Protect yourself using latest Microsoft release!..."

Fake Post Express Parcel Delivery Failure Notification E-mail Messages...

- http://tools.cisco.com/security/center/viewAlert.x?alertId=22778






Fake MS Patch Tuesday Alert - SPAM...

- http://community.websense.com/blogs/securitylabs/archive/2011/05/09/administrators-and-users-beware-fake-patch-tuesday-alert.aspx

9 May 2011 04:07 PM - "... attack ties in almost perfectly with the release of patches on the upcoming "Patch Tuesday" from Microsoft. The attack lures the unsuspecting user into following the link provided within the email message, which evidently infects their system as it downloads an executable to the user's machine. The executable (the fake patch) is being hosted on a compromised domain... VirusTotal*... The email message looks quite legitimate, as the display names within the headers actually say they originate from Microsoft (spoofed). Other attributes of the message include a sense of urgency with the subject: "URGENT: Critical Security Update"..."

* http://www.virustotal.com/file-scan/report.html?id=6279d6acab9640b9d69d43d764fb4f5cf87c24971abc3899609443443d15cfb0-1305031214

File name: SECURITY_FIX_0231_.exe

Submission date: 2011-05-10 12:40:14 (UTC)

Result: 17/40 (42.5%)

There is a more up-to-date report...

- http://www.virustotal.com/file-scan/report.html?id=6279d6acab9640b9d69d43d764fb4f5cf87c24971abc3899609443443d15cfb0-1305194349

File name: SECURITY_FIX_0231.exe

Submission date: 2011-05-12 09:59:09 (UTC)

Current status: finished

Result: 25/42 (59.5%)


- http://tools.cisco.com/security/center/viewAlert.x?alertId=23105

May 10, 2011 - "... SECURITY_FIX_0231.exe ... another variant SECURITY_FIX_0293.zip..."



- http://www.zdnet.com/blog/security/fake-microsoft-patch-tuesday-emails-lead-to-zeus-crimeware/8646

May 12, 2011



Edited by AplusWebMaster




Fake AV cloaks itself to appear to be MS Update

- http://nakedsecurity.sophos.com/2011/06/09/fake-anti-virus-cloaks-itself-to-appear-to-be-microsoft-update/

June 9, 2011 - "... criminals behind fake anti-virus continuing to customize their social engineering attacks to be more believable to users and presumably more successful... This week they've started to imitate Microsoft Update. The page is nearly an exact replica of the real Microsoft Update page with one major exception... It only comes up when surfing from Firefox on Windows. The real Microsoft Update requires Internet Explorer. The same site was also hosting the traditional Windows XP explorer scanner we have seen for years, as well as a new Windows 7 scanner. Similar to spam messages that have corrected their grammar and use correct imagery and CSS, the attackers selling fake anti-virus are getting more professional. They use high quality graphics and are using information from our UserAgent strings that are sent by the browser to customize your malware experience..."



- http://www.infoworld.com/print/163719

2011-06-09 - "... It starts with an alert window popping up, purportedly for installing a critical update to - fittingly - the Windows Malicious Software Removal Tool. The window does bear a striking resemblance to a real Windows Update window. If the user agrees to install the 2.8MB "security update," he or she really ends up installing scareware..."



Edited by AplusWebMaster




Fake Windows Critical Patch e-mail messages...

- http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=26274

June 28, 2012 - "... detected significant activity related to spam e-mail messages that claim to contain a critical Windows patch for the recipient. The text in the e-mail message attempts to convince the recipient to follow a link and download the patch. However, the link directs the user to an .exe file that, when executed, attempts to infect the system with malicious code... The update.exe file has a file size of 610,304 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xC420F57B55571DB9E3DE0BD4198CA6AA

The following text is a sample of the e-mail message that is associated with this threat outbreak:

Subject: Windows Critical Update.

Message Body:

We Have released an emergency Windows update today after revealing that one of our trusted digital signatures was being abused to certify the validity of the Flame malware that has infected computers in Worlwide. Since the virus is highly targeted and can not be caught by most antivirus programs, the "vast majority of customers are at risk. Windows users are urged to install the new KB2718708 patch Immediately.

Click here to Download The Patch



Security Department..."



- http://www.microsoft.com/security/online-privacy/msname.aspx

"Microsoft does -not- send unsolicited communication about security updates... Some messages lure recipients to websites to download spyware or other malicious software. Others include a file attachment that contains a virus. Delete the message. Do -not- open the attachment."



Edited by AplusWebMaster



MS "failed update" phish...
- http://nakedsecurity.sophos.com/2013/10/14/microsoft-failed-update-phish-might-well-sound-believable-watch-out/
Oct 14, 2013 - "... this email, though not exactly expected, isn't outrageously obviously bogus at first sight, and might even relate to problems you've experienced recently:
> http://sophosnews.files.wordpress.com/2013/10/msphish-hook-500.png?w=500&h=437
The lack of HTTPS is cast into harsh relief when what looks like an official Microsoft login screen appears, where you would expect a secure page:
> http://sophosnews.files.wordpress.com/2013/10/msphish-form-500.png?w=500&h=485
In short, be careful with emails you weren't expecting, and be sure to check that the details add up - in this example, the missing HTTPS and the curious domain name don't add up at all. If in doubt, leave it out!"

- https://net-security.org/secworld.php?id=15779
16 Oct 2013

- https://isc.sans.edu/diary.html?storyid=16838
Last Updated: 2013-10-17 22:19:09 UTC
> https://isc.sans.edu/diaryimages/images/microsoft-phish.jpg

innovativeair .org
- https://www.virustotal.com/en-gb/ip-address/


Edited by AplusWebMaster
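
An added example, not part of the original posts or the quoted advisories: a Python check for three signals described in this thread, namely a near-miss sender domain such as the "microsft" header Sophos quotes, a Microsoft display name on a non-Microsoft address, and links or attachments ending in .exe, .scr or .zip. The allow-list, the function names and the download host in the sample are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"microsoft.com"}      # assumption: brand domain(s) to protect
RISKY_EXT = (".exe", ".scr", ".zip")     # extensions named in the reports above
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if domain not in TRUSTED_DOMAINS:
        if any(edit_distance(domain, d) <= 2 for d in TRUSTED_DOMAINS):
            findings.append("lookalike-domain:" + domain)
        if any(d.split(".")[0] in display.lower() for d in TRUSTED_DOMAINS):
            findings.append("display-name-mismatch")
    for part in msg.walk():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXT):
            findings.append("attachment:" + name)
        if part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_payload()):
                if urlparse(url).path.lower().endswith(RISKY_EXT):
                    findings.append("executable-link:" + url)
    return findings

# Constructed sample: the sender domain and file name are quoted in the thread,
# the download host is a placeholder.
SAMPLE = """From: Microsoft Security <no-reply@microsft.com>
Subject: URGENT: Critical Security Update
Content-Type: text/plain

Install now: http://download.example.net/update2010.scr
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

The From header is set by the sender, so a message that forges the exact trusted domain produces no sender finding here. Treat this as a triage aid alongside the receiving server's SPF, DKIM and DMARC results, not as a replacement for them.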
