phishing/malware email warning
by Travis on Oct.11, 2008, under Tech Stuff
So, I open up my email this morning to see what appears to be a nice new approach to getting people to willingly install malware on their computer. A word to the wise, people. If you get an email concerning a Microsoft Update, it IS an attempt to install something on your computer which is most definitely not an update. DO NOT EVER INSTALL AN UPDATE FOR YOUR OPERATING SYSTEM THAT YOU DO NOT GET THROUGH WINDOWS UPDATE OR DOWNLOAD YOURSELF FROM MICROSOFT.COM! Can I make that any more clear?
Supporting Links:
http://isc.sans.org/diary.html?storyid=5159
http://www.scmagazineus.com/Fake-Microsoft-email-contains-backdoor-virus/article/119306/
The message is obviously a fake, as it came from the computer of some Chinese punk using his/her Hotmail account. The message is as follows (headers included):
Received: from 254-190.78-83.cust.bluewin.ch (254-190.78-83.cust.bluewin.ch [83.78.190.254]) by progressive.ginetx.net (8.13.7/8.13.7) with ESMTP id m9B9EgDM092724 for <*************>; Sat, 11 Oct 2008 09:14:45 GMT (envelope-from QWGMBD@hotmail.com)
Received: from [83.78.190.254] by mx1.hotmail.com; Sat, 11 Oct 2008 10:14:45 +0100
Message-ID: <01c92b8a$2ef41880$febe4e53@QWGMBD>
From: "Microsoft Update" <customerservice@microsoft.com>
To: <*************>
subject: *** SPAM ***Security Update for OS Microsoft Windows
Date: Sat, 11 Oct 2008 10:14:45 +0100
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0006_01C92B8A.2EF41880"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2741.2600
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4325
Return-Path: <QWGMBD@hotmail.com>
-----Original Message-----
From: Microsoft Update [mailto:customerservice@microsoft.com]
Sent: Saturday, October 11, 2008 3:15 AM
To: ********************
Subject: *** SPAM ***Security Update for OS Microsoft Windows
Dear Microsoft Customer,
Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.
Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.
Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.
As your computer is set to receive notifications when new updates are available, you have received this notice.
In order to start the update, please follow the step-by-step instruction:
1. Run the file, that you have received along with this message.
2. Carefully follow all the instructions you see on the screen.
If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.
We apologize for any inconvenience this back order may be causing you.
Thank you,
Steve Lipner
Director of Security Assurance
Microsoft Corp.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
-----END PGP SIGNATURE-----
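The headers above disagree with each other: the From: line claims microsoft.com, while the envelope sender is a hotmail.com address and the delivering host sits under bluewin.ch. The following is an added example, not part of the original post, that checks for those inconsistencies. The function names and finding codes are hypothetical, and the redacted recipient is replaced by a constructed placeholder.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers transcribed from the message quoted above; the recipient the post
# redacted is replaced by a constructed placeholder address.
RAW_HEADERS = """\
Received: from 254-190.78-83.cust.bluewin.ch (254-190.78-83.cust.bluewin.ch [83.78.190.254]) by progressive.ginetx.net (8.13.7/8.13.7) with ESMTP id m9B9EgDM092724 for <user@example.invalid>; Sat, 11 Oct 2008 09:14:45 GMT (envelope-from QWGMBD@hotmail.com)
Received: from [83.78.190.254] by mx1.hotmail.com; Sat, 11 Oct 2008 10:14:45 +0100
Message-ID: <01c92b8a$2ef41880$febe4e53@QWGMBD>
From: "Microsoft Update" <customerservice@microsoft.com>
Subject: *** SPAM ***Security Update for OS Microsoft Windows
Return-Path: <QWGMBD@hotmail.com>

"""

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Return-Path style header."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def within(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def spoof_findings(raw):
    """Return heuristic finding codes for a raw header block (hypothetical helper)."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From", ""))
    findings = []
    # 1. Displayed sender vs. the SMTP envelope sender recorded in Return-Path.
    rp_dom = domain_of(msg.get("Return-Path", ""))
    if rp_dom and rp_dom != from_dom:
        findings.append("return-path-mismatch")
    # 2. The topmost Received line is written by the recipient's own server.
    #    In the sendmail layout used here, the parenthesised reverse-DNS name
    #    and IP are what that server observed, unlike the HELO name before it.
    top = (msg.get_all("Received") or [""])[0]
    hop = re.match(r"from\s+\S+\s+\((\S+)\s+\[", top)
    if hop and not within(hop.group(1).lower(), from_dom):
        findings.append("relay-outside-from-domain")
    # 3. Message-ID right-hand side is normally a fully qualified host name.
    mid_rhs = msg.get("Message-ID", "").strip().strip("<>").rpartition("@")[2]
    if mid_rhs and "." not in mid_rhs:
        findings.append("message-id-not-fqdn")
    return findings

if __name__ == "__main__":
    for code in spoof_findings(RAW_HEADERS):
        print(code)
```

These are triage heuristics: legitimate mail sent through a third-party relay will also trip the second check, so a finding is a reason to look closer, not proof on its own.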

October 14th, 2008 on 7:41
Okay, I know people are tricked into believing everything these days…but this is actually pretty funny to say the least. I will soon create a reverse script to all you script kiddies out there. It will appear to be bank info when in fact it will be me stealing everything back you stole from others…plus a little surprise of hardcore gay porn photos plastering your desktop. I hate script kittens!
October 15th, 2008 on 12:20
Can you actually do that?