16 October 2008 | 5,100 views

E-mail Scammers Target Microsoft Users

Prevent Network Security Leaks with Acunetix

Microsoft users are being targeted again by malware via e-mail, scammers/spammers never give up and for once the e-mail looks fairly legitimate.

Usually this kind of ‘baitware’ is riddled with terrible grammar and horrible spellings, do make sure you brief the less security aware friends you have about this though just in case.

Email scams are a common way to spread malware and/or steal personal information. Some great guidelines to help you protect yourself from such scams are outlined here.

We have recently found out about the latest in an ongoing string of email scams that target Microsoft customers. This particular scam contains the Backdoor:Win32/Haxdoor trojan as an attachment. We have seen a few emails targeting Microsoft customers that look like the email below:

It’s not the first time we’ve seen this attack vector used in this way, but most AV software with a recent signature file should catch this e-mail as it comes in.

It shouldn’t be a big problem for corporates.

The email is as follows:

Dear Microsoft Customer,

Please notice that Microsoft company has recently issued a Security Update
for OS Microsoft Windows. The update applies to the following OS versions:
Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium,
Microsoft Windows XP, Microsoft Windows Vista.

Please notice, that present update applies to high-priority updates
category. In order to help protect your computer against security
threats and performance problems, we strongly recommend you to
install this update.

Since public distribution of this Update through the official website
http://www.microsoft.com would have result in efficient creation of a
malicious software, we made a decision to issue an experimental private
version of an updatefor all Microsoft Windows OS users.

As your computer is set to receive notifications when new updates are
available, you have received this notice.

In order to start the update, please follow the step-by-step instruction:
1. Run the file, that you have received along with this message.
2. Carefully follow all the instructions you see on the screen.

If nothing changes after you have run the file, probably in the settings
of your OS you have an indication to run all the updates at a background
routine. In that case, at this point the upgrade of your OS will be finished.

We apologize for any inconvenience this back order may be causing you.

Thank you,

Steve Lipner
Director of Security Assurance
Microsoft Corp.

Once again be aware, perhaps stick a rule in your IDS at the mail gateway so you know if this one comes in.

And do tell people about it!

Source: Microsoft Technet (Thanks Navin)



Recent in Malware:
- ParanoiDF – PDF Analysis & Password Cracking Tool
- Windows Registry Infecting Malware Has NO Files
- FakeNet – Windows Network Simulation Tool For Malware Analysis

Related Posts:
- Fake Microsoft Patch – BeastPWS-C
- Web Services Attack Frequency Increasing
- 419 Scammers Duplicate Interpol Site

Most Read in Malware:
- Nasty Trojan Zeus Evades Antivirus Software - 77,309 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,459 views
- US considers banning DRM rootkits – Sony BMG - 44,929 views

Advertise on Darknet

8 Responses to “E-mail Scammers Target Microsoft Users”

  1. navin 16 October 2008 at 3:03 pm Permalink

    As always
    cheers :)

  2. Morgan Storey 17 October 2008 at 1:25 am Permalink

    it is mindblowing that people still fall for these scams.

  3. navin 17 October 2008 at 1:23 pm Permalink

    cmon, today people trust Facebook with their most intimate details, and tht’s a site tht’s not even a decade old!! Most consider Microsoft a demigod company….so an email from them is accepted with Zero logic!!

  4. Cor-Paul 20 October 2008 at 7:48 am Permalink

    @navin I think most current computer users have zero logic anyways :)

  5. Gul 20 October 2008 at 11:57 am Permalink

    Hi guys…

    I think that majority of people just doesn’t realized, that’s just a big ‘joke’. Remind you of the first years of internet, we were like child (some of us were, actually) with stars in the eyes, and a certain taste to discover what lies in the all new world. But we didn’t really knew what shall be founded. know we’ve grown up and a more prepared to face this hostile lands. But for a lot of people, it’s just like what it was for us decades ago… Plus the new bad guys, and not everyone really understand what their up to. “And, you know, when my computer is broken, I only need to reinstall windows”… Yeah, they just are like us decades ago… But they didn’t realize that threats are bigger, and are not just about breaking you windows, forcing you to reinstall…

    I think we really need to make them grow up a little bit. After all, now we are the veterans ;)

  6. navin 20 October 2008 at 6:28 pm Permalink

    duh!! but meh

    who cares bout them dopes anyways?? U can take a horse to a watering hole but u can’t force it to drink water…..similarly, u can tell dopes to secure themselves a million times, but u can’t force them to act logically!!

  7. Gul 21 October 2008 at 8:31 am Permalink

    We just have to ‘educate’ them. Could be fun, you just take the ‘big mouths’/hierarchic superiors/etc in a group, show them how it’s funny all the informations you can gather from their social networks and with forged emails and them make them become just a bit paranoid… Then, you just have to look how the information flows ;)

    Social engineering can be used for that too ;)

  8. goodpeople 27 October 2008 at 8:20 am Permalink

    I agree with Gul. Education is the only solution. Plus that we have to whatever we can at a technical level to protect our sheep.

    But I fear that there will always be a market for this kind of threat.