Jump to content
Login with your Gmail HERE and start posting in seconds! ×
Don't just read! Be part of the Community! Join the conversation ×
Our Newsletter now includes a Sunday edition! Stay updated 7 days a week!

Be Aware:

Guest Reimar

By Guest Reimar
in IT and Computers

 Share

Recommended Posts

Guest Reimar

Guest Reimar

Posted
Posted

Messages insisting that users install a just-released Microsoft Corp. security update are bogus and actually lead to a site that plants malicious code on PCs, several security companies warned today.

The spam, which touts "Microsoft Security Bulletin MS07-0065 -- Critical Update" as its subject and appears to come from "[email protected]," claims users should download a June 18 security patch and provides a link to a URL that looks legit.

"A new 0-day vulnerability has appeared in the wild," the message reads. "The vulnerability affects machines running MICROSOFT OUTLOOK and allows an attacker to take full control of the vulnerable computer if the exploitation process is succesfull [sic]." It goes on to boast that 100,000 PCs have been hijacked so far by unnamed malware exploiting the bug.

However, the link takes users to one of several different attack sites that download a Trojan horse to the machine. "Security bulletins from Microsoft describing vulnerabilities in their software are a common occurrence," noted Graham Cluely, a Sophos PLC analyst, in a statement today. "[but] by using people's real names, the Microsoft logo and legitimate-sounding wording, the hackers are attempting to fool more people into stepping blindly into their bear trap."

The SANS Institute's Internet Storm Center and Symantec Corp.'s DeepSight threat network have also issued alerts on the fraudulent messages.

Playing the legitimacy card is an important "scam-spammer" technique, James Blascovich, a professor of psychology at the University of California, Santa Barbara, said yesterday in a just-released paper on the mind games attackers play to persuade people that it's safe to open suspicious e-mail. The fake security alert, for example, refers to "Genuine Microsoft Software," a phrase the company itself heavily promotes; uses the recipient's first name in the body of the message; and includes a purported product registration key.

Alert users, however, will be immediately suspicious of the message -- and not just because of the typical-for-spam misspellings -- but because it labeled the update "MS07-0065." So far this year, Microsoft has only reached MS07-035 in its numbering system.

Luckydog Silver Member

Luckydog

Posted
Posted (edited)

Since nearly every Windows XP etc are copies, it is a bad idea to try to get a lovely update from

them is it not?

My neigbour did the other day and it seems they have done something to corrupt his system.

Who can blame them?

Edited by Maestro
Special formatting of entire post removed.
Who, me ? Gold Member

Who, me ?

Posted
Posted
Since nearly every Windows XP etc are copies, it is a bad idea to try to get a lovely update from

them is it not?

My neigbour did the other day and it seems they have done something to corrupt his system.

Who can blame them?

I hope your estimation is wrong........I have a genuine one, and would never think of having a copy. That's too risky. I think that everyone with a minimum of common sense would understand the risk of having a fake program of such importance....

dominique355 Gold Member

dominique355

Posted
Posted
Since nearly every Windows XP etc are copies, it is a bad idea to try to get a lovely update from

them is it not?

My neigbour did the other day and it seems they have done something to corrupt his system.

Who can blame them?

He should blame himself. Get an original Windows XP.

And haven't I told you NOT to use Outlook? Use Thunderbird instead.

PS: Luckydog, nothing personal, just a coincidence and a big, loose mouth on my side.

lopburi3 Legendary Member

lopburi3

Posted
Posted

The most that Microsoft will do is install software to alert you (nag screen) that your XP software is not legit and provide a method to correct that. Security updates will continue to be installed. I have not heard of any change in that policy and do not believe there has been.

sjaak327 Gold Member

sjaak327

Posted
Posted
The most that Microsoft will do is install software to alert you (nag screen) that your XP software is not legit and provide a method to correct that. Security updates will continue to be installed. I have not heard of any change in that policy and do not believe there has been.

Correct, security updates can still be installed and downloaded through windows update Ms update or manual, but non critical updates that require validation cannot be downloaded from Microsoft anymore, some of them (IE7 and WMP11 for instance) even include a WGA component in their installer, so without tweaks won't install.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.






ASEANNOW

ASEANNOW (formally ThaiVisa) is Thailand's oldest and most popular expat and foriegner forum. Sign up today and have your say!

MORE INFO

POPULAR AREAS

CONTACT US

219/59 Asoke Towers, 15th Floor, Soi Sukhumvit 21, Watthana, Bangkok 10110
(+66) 99 196 1100
[email protected]

×
×
  • Create New...