June 19, 2010

Worm Notice [Not] from Microsoft

It's probably just because I've been in the industry for so long, but I got a huge chuckle out of a bogus email spew overnight that claims to come from "Microsoft Support."

Subject: Your Computer has probably been infected

Dear Microsoft Customer,

Starting 17/06/2010 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected.

To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.

Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.

Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division

This is wrong in so many ways:

  1. Microsoft never sends out this type of email.
  2. Being an American company, it would use the American style of date if it were to use the shortened version. The writer of this missive is definitely from outside North America.
  3. Microsoft would never readily admit that its software allowed infection by anything.
  4. How would an infection on my ISP's network (whatever that is) cause my computer to be infected?

After my chuckle, however, I could readily imagine the sinking feeling that occurs when you read something that might be official (assuming you didn't know better) that implies something serious has happened to your computer. I tried to run the attached file (setup.zip) through VirusTotal, but the site is down (coincidence, or DDOS by the perps?).

Unfortunately, this attack will probably be fairly successful in pwning a bunch of new computers, using them as botnet nodes, and stealing login credentials from every protected web site the victim visits.
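The machine-checkable tells from the list above (a vendor name on the sender, a day-first date, a request to install an attachment) can be turned into a simple mail-filter check. The following is an added example, not part of the original post. It assumes a constructed sender address, `microsoft.com` as the only legitimate sender domain, and a hypothetical extension list and set of tell names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the message quoted above; the sender address,
# MIME boundary and attachment body are invented for this example.
SAMPLE = """\
From: "Microsoft Support" <agent2@example.net>
Subject: Your Computer has probably been infected
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Starting 17/06/2010 the 'Conficker' worm began infecting Microsoft customers.
Please install attached file to start the scan.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="setup.zip"

placeholder bytes, not a real archive
--b1--
"""

RISKY_EXT = (".zip", ".exe", ".scr")  # assumed policy list, adjust to taste
DATE = re.compile(r"\b(\d{1,2})/(\d{1,2})/\d{4}\b")
INSTALL_ASK = re.compile(r"\b(install|run|open)\b.{0,30}\battach", re.I)

def tells(raw):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    parts = list(msg.walk())
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in parts if p.get_content_type() == "text/plain")
    names = [(p.get_filename() or "").lower() for p in parts]
    found = []
    # Display name borrows the brand, but the address is not at the brand's domain.
    if "microsoft" in name.lower() and domain.split(".")[-2:] != ["microsoft", "com"]:
        found.append("brand-mismatch")
    # Day-first date (first field > 12): not the US style a US vendor would use.
    if any(int(d) > 12 >= int(m) for d, m in DATE.findall(body)):
        found.append("day-first-date")
    if INSTALL_ASK.search(body):
        found.append("asks-to-install-attachment")
    if any(n.endswith(RISKY_EXT) for n in names):
        found.append("risky-attachment")
    return found
```

A clean `brand-mismatch` result proves nothing on its own, since a From header can be forged to show any domain; the attachment and wording tells carry more weight.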

Posted on June 19, 2010 at 09:23 AM