Re: New MS Security Phish

From: Bigbruva (Richardh_at_dontusethis.ws)
Date: 06/01/05 

Date: Wed, 1 Jun 2005 11:00:24 -0700

Just for the record this is not a "phishing" attempt it is an attempt to
trick you into running malware.
You did the right thing in not running it (MS do not send attachments like
this for anything!)
However if your AV scanner did not pick it up you should report it to them.
As you stated you are using Norton you should look here for info on how to
do this:
http://securityresponse.symantec.com/avcenter/submit.html

A great site to use to check file you are suspicious of is
http://www.virustotal.com/flash/index_en.html
They will scan the file with a 18 AV scanners and report to you the results.

I have just received a classic "phishing" attempt on my gmail account which
I have included for those that are interested

<snip>

We recently have determined that different computers have logged into your
PayPal account, and multiple password failures were present before the
login. One of our Customer Service employees has already tryed to
telephonically reach you. As our employee did not manage to reach you, this
email has been sent to your notice.
Therefore your account has been temporarily suspended. We need you to
confirm your identity in order to regain full privileges of your account.
If this is not completed by June
44444444444444444444444444444444444444444444, 2005, we reserve the right to
terminate all privileges of your account indefinitly, as it may have been
used for fraudulent purposes. We thank you for your cooperation in this
manner.
To confirm your identity please follow the link below:

https://www.paypal.com/cgi-bin/webscr?cmd=_login-run

Thank you for your patience in this matter.

PayPal - Customer Service

Please do not reply to this e-mail as this is only a notification. Mail sent
to this address cannot be answered.

</snip>

Notice the URL, this was a false label which in fact looked like this, minus
the <CRAPTOBREAKLINK> label I added to stop anyone getting to these b@stards
site!:
www.paypal.com.international-transaction.info<CRAPTOBREAKLINK>/webscr.php?cmd=LogIn

See how they try to make the URL look real by using "www.paypal.com" to
start the line but as URLs are read right to left by your computer this link
has nothing to do with PayPal it is just another attempt to trick people
into giving the phishers there personal details.
If you get an email like this report it to the real site if you can, in the
case of PayPal you do this by forwarding the entire email - including the
header information - or the site's URL to spoof@paypal.com

I hope that helps

BB

"Edwaleni" <Edwaleni@discussions.microsoft.com> wrote in message
news:E0BED8F4-CA4D-4DB3-82CF-ACCDAF4ACBAD@microsoft.com...
> This actually came in on my Yahoo account and the attachment was scanned
> by
> Norton AV service provided by Yahoo Mail. It checked OK.
>
> "Steven L Umbach" wrote:
>
>> Thanks for that info but note that this kind of malicious activity will
>> never stop. Best practice is to NEVER install an update that claims to be
>> from Microsoft via email or a link in an email. When in doubt always go
>> to
>> Windows Update website. Good antivirus protection that scans all
>> downloads
>> and email attachments is a must.--- Steve
>>
>>
>> "Edwaleni" <Edwaleni@discussions.microsoft.com> wrote in message
>> news:77AC0225-1468-42A4-B3F8-A5BC811286C1@microsoft.com...
>> > Listed below is a recent phish attempt I recv'd from someone attempting
>> > to
>> > be
>> > Microsoft. It also included a file called "update82.exe" which is
>> > 104k.
>> >
>> > I have not signed up for security updates. It came from the address
>> > ""Microsoft Security Section" <ynsmpitr@technet.msdn.net>"
>> >
>> > ********************************************************
>> >
>> > Microsoft All Products | Support | Search | Microsoft.com Guide
>> > Microsoft Home
>> >
>> >
>> > Microsoft Partner
>> >
>> > this is the latest version of security update, the "June 2005,
>> > Cumulative
>> > Patch" update which eliminates all known security vulnerabilities
>> > affecting
>> > MS Internet Explorer, MS Outlook and MS Outlook Express as well as
>> > three
>> > newly discovered vulnerabilities. Install now to continue keeping your
>> > computer secure. This update includes the functionality of all
>> > previously
>> > released patches.
>> >
>> >
>> > System requirements Windows 95/98/Me/2000/NT/XP
>> > This update applies to MS Internet Explorer, version 4.01 and later
>> > MS Outlook, version 8.00 and later
>> > MS Outlook Express, version 4.01 and later
>> > Recommendation Customers should install the patch at the earliest
>> > opportunity.
>> > How to install Run attached file. Choose Yes on displayed dialog box.
>> > How to use You don't need to do anything after installing this item.
>> >
>> > Microsoft Product Support Services and Knowledge Base articles can be
>> > found
>> > on the Microsoft Technical Support web site. For security-related
>> > information
>> > about Microsoft products, please visit the Microsoft Security Advisor
>> > web
>> > site, or Contact Us.
>> >
>> > Thank you for using Microsoft products.
>> >
>> > Please do not reply to this message. It was sent from an unmonitored
>> > e-mail
>> > address and we are unable to respond to any replies.
>> > The names of the actual companies and products mentioned herein are the
>> > trademarks of their respective owners.
>> >
>> > Contact Us | Legal | TRUSTe
>> > ©2005 Microsoft Corporation. All rights reserved. Terms of Use |
>> > Privacy
>> > Statement | Accessibility
>>
>>
>>