View Full Version : Fake MS updates ...

2012-06-29, 17:38

Fake Windows Critical Patch e-mail messages...
- http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=26274
June 28, 2012 - "... detected significant activity related to spam e-mail messages that claim to contain a critical Windows patch for the recipient. The text in the e-mail message attempts to convince the recipient to follow a link and download the patch. However, the link directs the user to an .exe file that, when executed, attempts to infect the system with malicious code... The update.exe file has a file size of 610,304 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xC420F57B55571DB9E3DE0BD4198CA6AA
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Windows Critical Update.
Message Body:
We Have released an emergency Windows update today after revealing that one of our trusted digital signatures was being abused to certify the validity of the Flame malware that has infected computers in Worlwide. Since the virus is highly targeted and can not be caught by most antivirus programs, the "vast majority of customers are at risk. Windows users are urged to install the new KB2718708 patch Immediately.
Click here to Download The Patch
Security Department..."

- http://www.microsoft.com/security/online-privacy/msname.aspx
"Microsoft does -not- send unsolicited communication about security updates... Some messages lure recipients to websites to download spyware or other malicious software. Others include a file attachment that contains a virus. Delete the message. Do -not- open the attachment."


2013-10-16, 14:58

MS "failed update" phish...
- http://nakedsecurity.sophos.com/2013/10/14/microsoft-failed-update-phish-might-well-sound-believable-watch-out/
Oct 14, 2013 - "... this email, though not exactly expected, isn't outrageously obviously bogus at first sight, and might even relate to problems you've experienced recently:
> http://sophosnews.files.wordpress.com/2013/10/msphish-hook-500.png?w=500&h=437
The lack of HTTPS is cast into harsh relief when what looks like an official Microsoft login screen appears, where you would expect a secure page:
> http://sophosnews.files.wordpress.com/2013/10/msphish-form-500.png?w=500&h=485
In short, be careful with emails you weren't expecting, and be sure to check that the details add up - in this example, the missing HTTPS and the curious domain name don't add up at all. If in doubt, leave it out!"

- https://net-security.org/secworld.php?id=15779
16 Oct 2013

- https://isc.sans.edu/diary.html?storyid=16838
Last Updated: 2013-10-17 22:19:09 UTC
> https://isc.sans.edu/diaryimages/images/microsoft-phish.jpg

innovativeair .org
- https://www.virustotal.com/en-gb/ip-address/

:fear::fear: :mad:
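
Added example, not part of the original posts or the quoted advisories: a minimal triage of an HTML e-mail for the three signals the alerts above describe (a link that leads to an .exe file, a link without HTTPS, and a link domain that does not match the Microsoft branding). The sample message, the `example.invalid` URL, the `TRUSTED_DOMAINS` and `BRAND_WORDS` lists and the function names are assumptions constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the quoted message; sender and URL are placeholders.
SAMPLE = """\
From: Security Department <security@example.invalid>
Subject: Windows Critical Update.
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<p>Windows users are urged to install the new KB2718708 patch Immediately.</p>
<a href="http://download.example.invalid/update.exe">Click here to Download The Patch</a>
"""

TRUSTED_DOMAINS = ("microsoft.com",)   # assumption: domains accepted for this brand
BRAND_WORDS = ("windows", "microsoft")  # assumption: subject words that claim the brand

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def triage(raw_message):
    """Return (signal, url) pairs for each suspicious link in the message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    subject = (msg["Subject"] or "").lower()
    claims_brand = any(word in subject for word in BRAND_WORDS)
    findings = []
    for url in collector.links:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.path.lower().endswith(".exe"):   # "patch" is a direct executable
            findings.append(("executable-download", url))
        if parts.scheme != "https":               # the missing HTTPS noted above
            findings.append(("no-https", url))
        if claims_brand and not any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
            findings.append(("brand-domain-mismatch", url))
    return findings
```

Calling `triage(SAMPLE)` reports all three signals for the constructed message; a message whose only link is an HTTPS page on microsoft.com produces no findings.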