Update Phishing

I just got a spam/phishing email that looks exactly like a Windows Update notification, and every link in the email is to a real Microsoft site, save one. The download link, which I must “Install now to maintain the security of your computer from these vulnerabilities, the most serious of which could allow an attacker to run code on your computer,” goes to a file named Windows-KB835935-SP2-ENU.exe on the domain windowsupdatenow.net. I’m sure the exe will do awful things to whoever falls for this. I hope Microsoft/Scoble get their lawyers on whoever is behind this. I’ll admit that until I noticed the download link domain, the email seemed totally legit.
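The check that exposed this email, comparing each link's host against the domains the sender should be using, can be automated. The following is an added example, not part of the original post; the trusted-domain set, the extension list and the sample HTML (including the URL paths) are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the only domain a genuine Microsoft notice should link to.
TRUSTED = {"microsoft.com"}
RISKY_EXT = (".exe", ".scr", ".pif", ".bat")

class LinkCollector(HTMLParser):
    """Collects the href of every <a> element in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def is_trusted(host, trusted=TRUSTED):
    # Exact match or a true subdomain; "microsoft.com.example.net" must not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def audit_links(html, trusted=TRUSTED):
    """Return [(href, host, [reasons])] for links that deserve a second look."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href in parser.links:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue
        reasons = []
        if not is_trusted(parts.hostname, trusted):
            reasons.append("host outside trusted domains")
        if parts.path.lower().endswith(RISKY_EXT):
            reasons.append("direct link to executable")
        if reasons:
            findings.append((href, parts.hostname, reasons))
    return findings

# Constructed sample modelled on the email described above.
SAMPLE = """
<a href="http://www.microsoft.com/security/">Security home</a>
<a href="http://support.microsoft.com/">Support</a>
<a href="http://windowsupdatenow.net/Windows-KB835935-SP2-ENU.exe">Install now</a>
"""

if __name__ == "__main__":
    for href, host, reasons in audit_links(SAMPLE):
        print(host, "->", "; ".join(reasons))
```
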

21 thoughts on “Update Phishing”

  1. Microsoft would never send anyone letters about any of their security updates. They just don’t do it for a good reason. And people who still believe mails like this one should shut down their pc and get something else to do 😛
    Internet is a dangerous place, you know…

  2. By the way, the guy hasn’t even packed the exe file, so much trouble spamming people and not even protecting his package… It’s a virus called Virus.Win32.Parite.b, more info on it here and here.

  3. Max, surely the point is that if someone like Matt (who, I think we can assume, isn’t exactly a newbie) has to look twice to tell if it’s a fake, then the people “who still believe mails like this one” are even more likely not to know. I’m more concerned about my (newbie!) father receiving a totally plausible e-mail like this one — especially since these messages (much more than the online banking ones) are preying on people’s lurking suspicion that “internet is a dangerous place”. The banking scams don’t worry me so much — after all, I’ve yet to receive a single one from a bank I’ve even heard of! — but these ones are much more potentially dangerous, given the proportion of ordinary users (i.e. not power-users) who use Microsoft operating systems.

  4. Agreed. When my mom got her PC (and right now she owns her own online shop) I told her to open mails *only* from people she knows. Easy and that eliminates 99,9% of all spam/phishing mails. Also installing some spam filter plugin for a good (no, not Outlook) e-mail client usually helps too 🙂

  5. Max, judging by the Web-based access to my parents’ account (where read/unread is shown), they still open spam to have a glance. I have to erase the spam for them. That’s why I moved all their correspondence into a Wiki. E-mail is a freaky thing these days, even though it wasn’t a decade ago.

  6. This is why Microsoft employees concerned with security complain about the supposed safety of the Mozilla suite. When downloading updates with IE (via Outlook), the browser will inform you of the dangers of running an executable that verifiably does not come from Microsoft itself.

    With the hooplah about security in Firefox, it seems almost irresponsible that it substitutes an easily overlooked message of “don’t run stuff you don’t know” for what should be a genuine attempt to verify the authenticity of a download and confirm the user’s intent to download something potentially harmful.

    Phishers like this and their effects are scary, and it’s one less thing that novice (or even pro) computer users should have to worry themselves about.

  7. Wow. That is tricky.

    The other day, I got this phishing e-mail. It was brilliantly designed. Basically it is made to look like one of those e-mails that are sent to you if you get an e-card from someone. It looked totally legit. Except, I didn’t notice that it said “Hello!” instead of “Hello Chris!” and it didn’t say who sent it, like an e-card notification normally said.

    But I didn’t catch it. I was totally fooled and clicked before I saw the URL. Norton thankfully caught the virus and stopped it.

    What a scare though. First time I ever fell for an e-mail scam.

    To me, it is even scarier than Matt’s Windows Update e-mail. Because at least those who are educated know that Microsoft doesn’t send e-mails about security updates. An e-card…well, who hasn’t gotten one?

  8. Chris,

    This is exactly my point– that those who aren’t educated are going to view Microsoft security update e-mail pretty much the same way you viewed your fake e-card e-mail. After all, if the ‘don’t open unknown e-mails’ message really had permeated around the world, viruses like these ones wouldn’t still cause the havoc that they do.

  9. Max: You say people who are tricked should quit the internet. Do you really want to let non-geeks be scared away from the online community? I don’t.
    Roy: Maybe a wiki isn’t the best answer but it is a step away from email, probably a step in the right direction as long as it is a primary channel for internet predators.
    As for communication in general, when you put yourself out there to send or receive any kind of message you put something at risk. History is full of examples, most notably plagues. There can never be an expectation of risk-free communication. Don’t let that stop you from communicating.

  10. These are the sort of times that I wonder if there might be something to the vigilante efforts like AA419. If they can just download the little nasty a couple hundred thousand times and knock out the server, it prevents real victims from getting it.

  11. Andy, I know that Wiki-based correspondence isn’t ideal. There is the edit-lock issue.

    What I recently had in mind is correspondence using feeds. You can create channels of communication and broadcast messages to your friends, colleagues and family (and vice versa). This will work once more people are ‘RSS-enabled’.

  12. I used to always delete those Microsoft updates, be they real or not. Then my computer came under attack from something else, and I ended up having to get a new one.

    You gotta know when to hold ’em.

  13. I think the point that Matt is really trying to make is that phishing is getting more sophisticated all the time. Re-read the part where he mentions that all but one link in the email was legitimate. I have the same tendency when looking at questionable email: float the cursor over all of the links in the piece of mail to see exactly where people are trying to steer me. It’s a good habit to develop although it’s ultimately useless for me since I’m using Evolution as my mail client on a platform that wouldn’t run most of the goodies the scum are throttling us with.

  14. Surely the easiest solution to all these emails is simply to upgrade your Operating System. OS X and Linux spring to mind. Not only do you get a security boost, but also a far better all round experience (well, with OS X at least!)

  15. Has anyone ever received a snail-mail letter that looks incredibly official on the outside, only to find it is just another unsolicited letter? I sure have.

    Yes, it’s true that “phishers” are getting more and more sophisticated. This is probably because users are getting smarter and smarter. Email clients like Gmail are getting more and more sophisticated too.

    I’m afraid that I have to agree with Max. His statement even goes further than computers. How many times have you heard on the news that so-and-so spent $10,000 on home improvements and the contractor never did any of the improvements, or so-and-so gave their entire life savings to such-and-such for some completely ridiculous reason. It happens all the time. What are we supposed to do here? Install a protector in each household that will not allow someone to get bitten by these evil people? No. We need to keep attempting to educate them to not do such things. If that doesn’t work, there really isn’t anything else we can do.

    It’s been stated over and over again. No company, bank, etc…, will ever solicit information from you via email. If they do, either go to the website by typing in the address you know by hand or call them on the phone to verify they want this information. The same is true with IM’s and snail mail for that matter.

  16. Well, heck, one day real soon now we’ll all be communicating by Atom feed. You subscribe to mine, I’ll subscribe to yours. End of spam and phishing problems, n’est-ce pas?