Results 1 to 2 of 2

Thread: Fake MS updates ...

  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Fake MS updates ...

    FYI...

    Fake Windows Critical Patch e-mail messages...
    - http://tools.cisco.com/security/cent...?alertId=26274
    June 28, 2012 - "... detected significant activity related to spam e-mail messages that claim to contain a critical Windows patch for the recipient. The text in the e-mail message attempts to convince the recipient to follow a link and download the patch. However, the link directs the user to an .exe file that, when executed, attempts to infect the system with malicious code... The update.exe file has a file size of 610,304 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xC420F57B55571DB9E3DE0BD4198CA6AA
    The following text is a sample of the e-mail message that is associated with this threat outbreak:
    Subject: Windows Critical Update.
    Message Body:
    We Have released an emergency Windows update today after revealing that one of our trusted digital signatures was being abused to certify the validity of the Flame malware that has infected computers in Worlwide. Since the virus is highly targeted and can not be caught by most antivirus programs, the "vast majority of customers are at risk. Windows users are urged to install the new KB2718708 patch Immediately.
    Click here to Download The Patch
    Regards
    Microsoft
    Security Department
    ..."
    ___

    - http://www.microsoft.com/security/on...cy/msname.aspx
    "Microsoft does -not- send unsolicited communication about security updates... Some messages lure recipients to websites to download spyware or other malicious software. Others include a file attachment that contains a virus. Delete the message. Do -not- open the attachment."

    Last edited by AplusWebMaster; 2012-06-30 at 22:28.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down MS -phish- "failed update" ...

    FYI...

    MS "failed update" phish...
    - http://nakedsecurity.sophos.com/2013...ble-watch-out/
    Oct 14, 2013 - "... this email, though not exactly expected, isn't outrageously obviously bogus at first sight, and might even relate to problems you've experienced recently:
    > http://sophosnews.files.wordpress.co...ng?w=500&h=437
    The lack of HTTPS is cast into harsh relief when what looks like an official Microsoft login screen appears, where you would expect a secure page:
    > http://sophosnews.files.wordpress.co...ng?w=500&h=485
    In short, be careful with emails you weren't expecting, and be sure to check that the details add up - in this example, the missing HTTPS and the curious domain name don't add up at all. If in doubt, leave it out!"

    - https://net-security.org/secworld.php?id=15779
    16 Oct 2013
    ___

    - https://isc.sans.edu/diary.html?storyid=16838
    Last Updated: 2013-10-17 22:19:09 UTC
    > https://isc.sans.edu/diaryimages/ima...soft-phish.jpg

    innovativeair .org
    - https://www.virustotal.com/en-gb/ip-...8/information/

    Last edited by AplusWebMaster; 2013-11-05 at 12:19.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •