« Clueless Botnet Users | Main | How to Piss Off Your Potential Customers »

June 22, 2009

Here is an email claiming to come from Microsoft alerting Outlook and Outlook Express users to a supposed update:

This is a variation on the malware delivery email reported a few days ago by Sophos (and others), but this time the email doesn't carry an attachment, just a link. The link actually goes to a new site whose domain was registered waaay back earlier today. The destination page includes an iframe whose contents do the dirty work of pwning your PC.

Remember: Microsoft does not send out emails about critical updates. Use only the built-in Software Update mechanisms within Windows (and hope like hell your PC hasn't been previously taken over).

UPDATE 23 June 2009: The "Date Published" field of the message increments with the date on which the email message was sent. Also, the long number assigned to the "id" attribute in both the fake and real URLs change with each email.

UPDATE 23 June 2009 (#2): These emails have turned into a flood being sent from compromised PCs on most continents and using email addresses that included harvested spamtrap addresses — commonly recipients of medz and sex spam when the botnet recruitment efforts diminish.