Endurance.Net Home Ridecamp Archives
ridecamp@endurance.net

[RC] Malware beware - Diane Trefethen

In light of the recent malware episode where roxvet@xxxxxxx was spoofed, this post might not be so very OT.

Yesterday I received a notice ostensibly from Microsoft. It looked EXACTLY like the real Microsoft Knowledge Base pages. It purported to be an "Update for Microsoft Outlook / Outlook Express (KB910721)". NOTE: I have since learned that there are several such emails floating around that reference other Microsoft products such as Explorer and Windows XP. Some of the references they include are to:
KB910721
KB199250
KB246586
KB294576
KB519287
KB535548
KB572906
KB585658
KB631829
KB763412
KB871565


The only thing fishy was that I KNOW Microsoft does not send notification of software updates to individuals. They are not THAT paternalistic. So I used an old trick. With the message in my preview pane, I clicked Ctrl-U. This command opens the email in its source.
The first thing you see when you do this is the email's header.
Read the header to see if the email passed through ANY "unbelievable" users.
Checked the "Return-Path:" line - BINGO! The return path was <crunchingmyy98@xxxxxxxxxxx>
Talk about STUPID, like Microsoft is going to use someone named crunchingmyy98 to distribute important update info!
If the return path hadn't looked suspicious, next check all the "Received: from" lines:
1) adsl.inetia.pl (.pl = Poland)
Bingo #2.


No big company uses "garbage" distributors. They do it themselves or farm the job out to a reputable (read well-known) firm.

Next I went to http://support.microsoft.com/ and did a search on "KB910721". One result was:
http://support.microsoft.com/kb/959318/
which is an article entitled, "You receive a fraudulent e-mail message that claims that an attached executable is a Microsoft security update". The article describes this fraud and includes this ETERNALLY CORRECT ADVICE:


"If you receive an e-mail message that claims to distribute a Microsoft security update, it is a hoax that may contain malware or pointers to malicious Web sites. We recommend that you delete the message. Do not open the attachment."

So be aware and do NOT fall for ANY UNSOLICITED email updates, help, even a link to your grandmother's famous apple pie. ALWAYS check out unsolicited emails BEFORE opening them or, heaven forfend, clicking on any links they contain.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Ridecamp is a service of Endurance Net, http://www.endurance.net.
Information, Policy, Disclaimer: http://www.endurance.net/Ridecamp
Subscribe/Unsubscribe http://www.endurance.net/ridecamp/logon.asp

Ride Long and Ride Safe!!

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
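
Added example (not part of the original post): the header check described above, done in Python on a saved message source. It compares the Return-Path domain and the earliest "Received: from" host with the domain the From line claims. The sample headers are constructed; only the Return-Path user name, the host adsl.inetia.pl and the subject come from the post, and every other address, host and date is a placeholder.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample headers modelled on the post. The From address, the
# example.* hosts, the IP addresses and the dates are placeholders.
SAMPLE = """\
Return-Path: <crunchingmyy98@mail.example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby inbox.example.org with ESMTP; Tue, 1 Jan 2008 09:12:01 -0700
Received: from adsl.inetia.pl (unknown [198.51.100.23])
\tby mx.example.org with SMTP; Tue, 1 Jan 2008 09:11:58 -0700
From: "Microsoft" <update@microsoft.com>
Subject: Update for Microsoft Outlook / Outlook Express (KB910721)

Please install the attached update.
"""

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def within(host, domain):
    # True when host is the domain itself or one of its subdomains.
    return host == domain or host.endswith("." + domain)

def received_hosts(msg):
    """Host named after 'from' in each Received: header, newest hop first."""
    found = (re.match(r"\s*from\s+(\S+)", v, re.I) for v in msg.get_all("Received", []))
    return [m.group(1).lower() for m in found if m]

def review_headers(raw):
    """Return (claimed From domain, list of (check, value) mismatches)."""
    msg = message_from_string(raw)
    claimed = domain_of(msg.get("From", ""))
    findings = []
    rp = domain_of(msg.get("Return-Path", ""))
    if not within(rp, claimed):
        findings.append(("return-path", rp))
    # The last Received header is the earliest hop. Lines added before your
    # own mail server can be forged, so treat this as a hint, not proof.
    hops = received_hosts(msg)
    if hops and not within(hops[-1], claimed):
        findings.append(("origin-hop", hops[-1]))
    return claimed, findings

if __name__ == "__main__":
    print(review_headers(SAMPLE))
```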