PC World: Technology Advice You Can Trust
Today at PC World
News, opinion, and links from the PC World staff.
Thursday, June 28, 2007 9:59 AM PT Posted by Erik Larkin

Fake Microsoft Attack E-mails Hit Inboxes

Fake e-mails that appear to warn about an Outlook zero-day security threat but instead attempt to install malware are making the rounds, according to the Internet Storm Center.

According to an example in the ISC's post, the e-mails are personalized with at least the first name of the intended victim and appear to come from "Microsoft Corp update@microsoft.com." They read as follows:

You are receiving this message because you are using Genuine Microsoft Software and your e-mail address has been subscribed to the Microsoft Windows Update mailing list.

A new 0-day vulnerability has appeared in the wild and was reported for the first time Monday, June 18th. The vulnerability affects machines running MICROSOFT OUTLOOK and allows an attacker to take full control of the vulnerable computer if the exploitation process is succesfull.


As with previous personalized attacks, this message is well-crafted compared to most attack e-mails. On a scan, I noticed two typos in the sample - "Outllok" instead of "Outlook," and "succesful" instead of "successful." But those are minor compared to the egregious grammatical errors that usually give away these spoofed messages.


A link in the e-mail that supposedly points to a Microsoft patch will instead download a Trojan onto your computer. We can expect to see more examples of these relatively well-engineered attacks, so be on your guard. The messages so far have gone back and forth between using attachments and download links to spread their payload.
