This morning I received some spam in my inbox that was especially disturbing. It wasn’t your usual type of spam that helps increase or decrease things (wink wink)… This particular spam appeared to come from Microsoft and was quite convincing. Have a look:
What I find disturbing is how real this email appears. I would guess that an average person would look at this email and think that it actually came from Microsoft. Someone might be so inclined to search the internet to see if there really is an update for Outlook using the article ID KB910721 (there is such an article but it’s for Exchange and not Outlook).
How do I know it didn’t come from Microsoft? Well, a couple of reasons… First, Microsoft never sends out attachments; rather, they direct you to the Microsoft Updates for all patches. Second, if you look at the header of the email you can see evidence that it either originated or was forwarded through a mail server named turboconrad.planet-school.de:
I am pretty confident that Microsoft doesn’t relay their email through turboconrad.
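The header check described above can be scripted. The following is an added example, not part of the original post: it lists the hosts named in a message's Received headers and flags any that belong neither to the domain in the From line nor to your own mail infrastructure. The sample message is constructed (only the relay name comes from the post), and `example.net` stands in for the recipient's own mail domain.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample message (not the real spam). The From line claims
# microsoft.com; the second Received hop names the relay quoted in the post.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby inbox.example.net with ESMTP; Wed, 17 Jun 2009 08:02:11 -0400
Received: from turboconrad.planet-school.de (unknown [198.51.100.7])
\tby mx.example.net with SMTP; Wed, 17 Jun 2009 08:02:09 -0400
From: "Microsoft" <update@microsoft.com>
To: user@example.net
Subject: Outlook update

Please install the attached update.
"""

# Host announced in the "from" clause of a Received header.
HOP_RE = re.compile(r"\bfrom\s+([A-Za-z0-9.-]+)", re.IGNORECASE)

def received_hosts(msg):
    """Hosts named in each Received header, newest hop first."""
    hosts = []
    for value in msg.get_all("Received", []):
        match = HOP_RE.search(value)
        if match:
            hosts.append(match.group(1).lower().rstrip("."))
    return hosts

def foreign_hops(raw, trusted=()):
    """Relay hosts outside the claimed sender domain and the trusted domains.

    Hops recorded before your own server received the message are written by
    the sender's side and can be forged, so an empty result proves nothing;
    a non-empty one is a reason for suspicion.
    """
    msg = email.message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    allowed = (claimed,) + tuple(d.lower() for d in trusted)
    return [h for h in received_hosts(msg)
            if not any(h == d or h.endswith("." + d) for d in allowed)]

if __name__ == "__main__":
    for host in foreign_hops(SAMPLE, trusted=("example.net",)):
        print("unexpected relay:", host)
```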
It’s interesting to note that Outlook automatically stripped the attachment from the email, preventing me from opening the attached ‘update’ even if I were fooled enough to believe the email. But what about the many other mail programs that don’t filter attachments? I wonder just how many people will be fooled by this email.
UPDATE: I uploaded the attached file to VirusTotal to confirm my suspicions that the attachment is a Trojan or Virus. As expected the report came back with several confirmed traces of Trojans. Needless to say, you do not want to be running this executable on your computer!




Wed, Jun 17, 2009
Security, Technology