: :

Add Comment | Related Links | TrackBack
Related Content

Spoofing Microsoft WMF Vulnerability Patch

You have mail!

When I checked my mail a few minutes ago, I was thrilled to receive a new message in my inbox. The sender is "Microsoft Technical Support" and the title is "New Net Security Update". There was an attached "update.exe" of 104k. I thought . . .

Wow, Microsoft finally released the WMF vulnerability patch that they promised at 2PM PST today. And three hours later, they even delivered it to my inbox. I guess this security risk to enough publicity that they would mail it out, rather than having me download it through Windows Update.

Still, somewhere in the back of my mind, uneasiness brewed. I started looking more carefully at the e-mail. It looks professionally enough with all the nice graphics, fonts, and a professionalism that can be attributed to Microsoft. All the links point to respective Microsoft addresses, which made the e-mail feel even more genuine. I have attached a picture of the e-mail below. You can see the original here (attachment eliminated of course).

Always looking up to Sherlock Holmes, I started looking at the header, particularly at the "Message-Id". And, whoa, there it is. The message came from "<[email protected]>", an outfit in Australia. At first, I was a bit confused. Would Microsoft send legitimate e-mails from Australia? Why not? Major companies have been known to outsource services to third-party companies inland and overseas. Many technical supports today originate in India. But wait, what am I saying!? This e-mail can't be legitimately from Microsoft.

And that's when the realization sunk in. I was almost the victim of a very elaborate spoof by a group of ingenious virus, spyware, trojan horse, and adware writers. They are very good. Using an over-hyped public scare of the Microsoft WMF vulnerability and the intelligence that Microsoft is releasing the patch today, the malicious groups tries to play the game by being one step ahead of Microsoft and the innocent people.

Luckily for me, I managed to recognize the guise, but how many others have fallen victim during the twenty minutes that I spent writing this post? What can you do about it? If you get an e-mail like this, delete it and don't open the attachment. Spread the news, let's keep these scammers at bay.

Attached Image:

Spoof E-Mail.png

Chieh Cheng
Thu, 5 Jan 2006 18:12:05 -0800

Add Comment | Related Links | TrackBack
Related Content

Did your message disappear? Read the Forums FAQ.

Add Comment

Spam Control | * indicates required field
Your Name: *
Remember Me!
Comment: *
File attachment is optional. Please do not attach a file to your submission unless it is relevent.
Attach File:
(20 MB Max)
Spam Protection: * Answer of 9 + 4?
Click button only once, please!


TrackBack only accepted from WebSite-X Suite web sites. Do not submit TrackBacks from other sites.

Send Ping | TrackBack URL | Spam Control

No TrackBacks yet. TrackBack can be used to link this thread to your weblog, or link your weblog to this thread. In addition, TrackBack can be used as a form of remote commenting. Rather than posting the comment directly on this thread, you can posts it on your own weblog. Then have your weblog sends a TrackBack ping to the TrackBack URL, so that your post would show up here.

Messages, files, and images copyright by respective owners.

Articles | Wiki
Forums | Latest | RSS
Library | Links | News
Search | Store | Help

90 Users Online

Hacking Digital Cameras
Fun for Photographers

Amazon Associate

Copyright © 2004 - 2020. All Rights Reserved.