Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.


Monday, 13 October 2008 10:24

Watch out for fake Microsoft 'Security Update' email

By Alex Zaharov-Reutt
Online criminals are once again trying to fool computer users into loading malware onto their computers, this time using an email with a “security update” attached, purporting to be from Microsoft.

Social engineering threats that target users, rather than known or unknown flaws in operating systems and software, have been on the rise for years, from the Melissa and I Love You viruses, through to promises of naked celebrities, updates for the Windows Firewall, classic banking phishing emails and now a so-called Microsoft security update.

I know of one couple that actually installed the “Windows Firewall” update that went out a few months ago, only to find their computer infected by malware that tried to get them to buy software to remove all the supposed viruses on their computer – which they then purchased using PayPal!

Removing it was easy enough, and they even managed to get PayPal to refund the money they’d spent on buying the dud software, which was nice to see, but it does show just how clever the online crims have become at fooling users into voluntarily loading malware onto their computers.

The latest email has the subject line “Security Update for OS Microsoft Windows”, and has KB386881.exe as an attachment – a “backdoor” Trojan Horse and malware.

I’m using Norton Internet Security 2009, which detected and automatically removed the attachment, telling me that KB386881.exe was really the “Infostealer” threat, thus protecting me from myself had I actually decided to install the attachment, which I would never have done.

In addition, Outlook itself (along with webmail programs such as Gmail) would either have blocked the .exe attachment or, in Gmail’s case, used its own internal anti-virus systems to neutralise the threat, but clearly the online criminals were hoping that not everyone was using suitably cautious email software or had the latest anti-virus protection.
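The attachment blocking described above can be expressed as a mail-filter rule. This is an added example, not code from Outlook, Gmail or any security product; the blocked-extension list, the KB-name pattern, the subject keywords and the sample messages are assumptions constructed here.

```python
import os
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed policy: file types a gateway refuses outright (not any product's list).
BLOCKED_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
KB_NAME = re.compile(r"^kb\d{5,7}\.", re.IGNORECASE)   # e.g. KB386881.exe
UPDATE_LURE = re.compile(r"security update|hotfix|patch", re.IGNORECASE)


def inspect_message(raw):
    """Return the reasons (possibly none) for quarantining a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    lure = bool(UPDATE_LURE.search(str(msg.get("Subject", ""))))
    reasons = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        # splitext takes the final extension, so "invoice.pdf.exe" is still caught.
        if os.path.splitext(name)[1].lower() not in BLOCKED_EXT:
            continue
        reasons.append(f"executable attachment: {name}")
        if KB_NAME.match(name):
            reasons.append("file name imitates a Microsoft KB article number")
        if lure:
            reasons.append("subject presents an emailed executable as an update")
    return reasons


def build_sample(filename, subject):
    """Construct a test message; the sender and payload bytes are placeholders."""
    m = EmailMessage()
    m["From"] = "Microsoft <updates@example.invalid>"
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content("Dear Microsoft Customer, ...")
    m.add_attachment(b"constructed placeholder, not a real binary",
                     maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_string()


if __name__ == "__main__":
    raw = build_sample("KB386881.exe", "Security Update for OS Microsoft Windows")
    for reason in inspect_message(raw):
        print("QUARANTINE:", reason)
```

The rule keys on the attachment type first, so a renamed subject line or a different fake KB number still results in quarantine.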

After all, only a small number of people need to be infected for the online criminals to declare success, then joining those computers to botnets, stealing personal information or doing whatever they wanted with the computers they now had under their control through malware that is effectively a Trojan Horse.

So, what did the offending email actually say - and how can you easily protect yourself?


Well, the email sounds legitimate enough. The subject line, as we already know, says “Security Update for OS Microsoft Windows”.

The email then says: “Dear Microsoft Customer,

“Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.

“Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.

“Since public distribution of this Update through the official website https://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.

“As your computer is set to receive notifications when new updates are available, you have received this notice.

“In order to start the update, please follow the step-by-step instruction:
1. Run the file, that you have received along with this message.
2. Carefully follow all the instructions you see on the screen.

“If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.

“We apologize for any inconvenience this back order may be causing you.

“Thank you,

“Steve Lipner
Director of Security Assurance
Microsoft Corp.”

The email ends with:

“-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

-----END PGP SIGNATURE-----”

So, how can you protect yourself? It's not hard and you can ensure online crims won't get your data!


Quite how an update pushed by Microsoft to Windows Update would “have result in efficient creation of a malicious software” is unknown, but clearly the malware writers are preying upon everyday computer users who wouldn’t know this statement is just a load of bunkum.

Note also the poor English in use – the text should say “would have resulted”... even “Millenium” is misspelled – it should have two n’s.

If only online criminals were smart enough to get a native English speaker to check their emails before sending them off in the tens of millions around the world, they might actually have more success.

Also laughable is the statement: “we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users”, although once again, most everyday computer users might actually fall for this statement. 

Being aware that Microsoft, banks and other organisations do not send updates or password requests via email, or conduct “experimental private” tests via email, is one key to avoiding being duped by these ridiculous (yet to some degree successful) attempts at social engineering.

Becoming “street web wise” to these kinds of social engineering tricks is one way to protect yourself – if you’re the slightest bit suspicious, the safest action is not to proceed!

Things you can do include:

- Making sure you have the latest paid 2009 “Internet Security” suite from whichever vendor and making sure it is updating itself automatically. Norton Internet Security 2009 is a great option; AVG Internet Security 8 (the full version) has “LinkScanner” software contained within to check, in real time, the veracity and safety of the site you’re about to visit.

These security packages will also scan your incoming emails and will automatically neutralise malware threats, as happened to me.

- Cobbling together your own Internet security suite from free programs (such as AVG Free or Avast Free for anti-virus, ZoneAlarm Free as a better firewall than the one loaded into Windows XP or Vista, and Spybot Search and Destroy or Lavasoft’s Ad-Aware to remove malware).

- Buying a browser security package (only for IE and Firefox) like ZoneAlarm ForceField which "virtualises" your browsing sessions so anything you are infected by doesn't actually get loaded onto your computer.

- When banking online or using other transactional websites, you could also consider buying a browser-independent transaction security solution like TrustDefender. TrustDefender identifies malicious crimeware such as the "Yaludle" Silent Banker Trojan, which is targeting banks in the USA, Spain, Australia and Germany, as well as other trojans, rootkits, keyloggers and other sophisticated viruses (whether known and, importantly, even if unknown), and will augment your anti-virus/anti-malware security to a completely new level.

Or doing all of the above, while being careful what you click on and which attachments you open, knowing that more than ever, we digitally live in the wild, wild web, and the online crims really are out to get us all – whether you’re using Windows, Linux, Mac OS X or something else.


Alex Zaharov-Reutt

Alex Zaharov-Reutt is iTWire's Technology Editor and one of Australia’s best-known technology journalists and consumer tech experts. Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks, on all the major news and current affairs programs, on commercial and public radio, and on technology, lifestyle and reality TV shows.
