Fake Notifications Regarding Viruses and Worms

A teacher recently received this email message in the Amphitheater Outlook Web Access (bold formatted words are my emphasis):

From: serv@niet.com [mailto:serv@niet.com]
Sent: Fri 10/27/2006 1:46 AM
To: Some User
Subject: [WARNING: Virus Attack Detected] Mail server report.
Mail server report.
Our firewall determined the e-mails containing worm copies are being sent from your computer.
Nowadays it happens from many computers, because this is a new virus type (Network Worms).
Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail addresses
Please install updates for worm elimination and your computer restoring.
Best regards,
Customers support service

Please notice a number of things that stand out and are good indicators that this is an attempt to get the user to open a bogus attachment:

  1. The address in the FROM field is not from Microsoft or Symantec Antivirus, but from serv@niet.com.

  2. The email is coming from the "mail server"; in reality, the virus scanning software running on the mail server would be the message sender.

  3. The message states that "the firewall" has determined that the user's PC is sending out emails containing "worm copies". The network firewall would never be checking this nor would it be generating this type of warning.

  4. The grammar is atrocious.

  5. The user is expected to install the attached update (update-KB6500-x86.zip), which is also only 86 bytes. Here are the problems with this scenario:

    • Microsoft never sends out updates for any of the Windows operating systems directly to users via email.

    • Microsoft never sends out updates or patches in a ZIP file format: these updates will be in the form of an .EXE file (an executable program) or an .MSI (Microsoft Installer) file.

    • There would never be an update or a patch that is only 86 bytes - the code could be 86 bytes, but the distribution program container would be substantially larger--many kilobytes.

So, if you inspect the message carefully and have a basic knowledge of how Microsoft does business and of what sound business practices look like in today's world, you will quickly identify the above attempt as phishing, mark the message as Junk Email, and delete the email and its attachments without a second glance. Let's hope there comes a day when none of this will be necessary. Until then, please be safe out there!
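The checklist above can also be applied mechanically by a mail filter. The following is an added example, not part of the original article: the trusted domain `example-district.org`, the 10 KB size threshold and the keyword list are assumptions, and the sample message is constructed from the headers and attachment described above.

```python
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default
from email.utils import parseaddr

# Assumptions for this sketch, not values from the article:
TRUSTED_SENDER_DOMAINS = {"example-district.org"}  # hypothetical internal mail domain
MIN_PLAUSIBLE_UPDATE_BYTES = 10 * 1024             # stands in for "many kilobytes"
UPDATE_WORDS = ("update", "patch", "hotfix")


def indicators(raw: bytes) -> list[str]:
    """Return the red flags from the checklist (items 1 and 5) that a message trips."""
    msg = message_from_bytes(raw, policy=default)
    flags = []
    # Item 1: who does the From header actually claim to be?
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if domain not in TRUSTED_SENDER_DOMAINS:
        flags.append(f"sender-domain:{domain}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        size = len(part.get_payload(decode=True) or b"")
        if any(word in name for word in UPDATE_WORDS):
            # Item 5: updates are not delivered to users as email attachments.
            flags.append(f"update-by-email:{name}")
            # The article expects .EXE or .MSI, never a ZIP.
            if not name.endswith((".exe", ".msi")):
                flags.append(f"unexpected-container:{name}")
            # An 86-byte "update" is far too small to be a real installer.
            if size < MIN_PLAUSIBLE_UPDATE_BYTES:
                flags.append(f"implausible-size:{size}")
    return flags


def build_sample() -> bytes:
    """Constructed message mirroring the headers and attachment described above."""
    m = EmailMessage()
    m["From"] = "serv@niet.com"
    m["To"] = "Some User <user@example-district.org>"
    m["Subject"] = "[WARNING: Virus Attack Detected] Mail server report."
    m.set_content("Please install updates for worm elimination.")
    m.add_attachment(b"\x00" * 86, maintype="application", subtype="zip",
                     filename="update-KB6500-x86.zip")  # inert 86-byte placeholder
    return m.as_bytes()


if __name__ == "__main__":
    for flag in indicators(build_sample()):
        print(flag)
```

Each flag is only a signal: a message from an outside domain is normal on its own, but all four together match the pattern described in this article.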

Comments

Spam Attacks

In case you had any doubts about the efficacy of spyware/malware and viruses attached to email messages, check out this posting on T.H.E. Journal. The incredible increase in SPAM and bogus/malicious attachments to email is out of this world in this third quarter of 2008.
Please be careful and check email from senders you don't recognize. Our Microsoft Outlook email services do not readily identify SPAM and email from outside the District as it was previously quite apparent in Novell's GroupWise email.
Note the following comment by a security/technology consultant interviewed:
"For Apple Mac and Unix lovers, these major spam attacks just mean a clogged-up inbox, not an infected operating system. But organized criminals are causing havoc for Windows users in the hunt for cold, hard cash," said Graham Cluley, senior technology consultant at Sophos, in an e-mail to Redmondmag.com.
The "Unix lovers" can really be read as Linux and Sun's Solaris systems. Imagine that: no viruses or outside forces casually taking over your computer just because you've clicked on some idiotic junk email! I switched my mother-in-law's PC over from Windows XP Home to Ubuntu 8.04 and now she really doesn't have to worry about getting more viruses and spyware/keyloggers on her PC. Since she no longer has to have antivirus and antispyware software running on her Linux-based PC, her PC is faster and more responsive--almost like getting a new computer! Really something to think about!