Friday, June 29, 2007

Phishing / spoofed emails purporting to be from Microsoft

Several sources around the Internet report a dramatic rise this month in phishing emails claiming to come from microsoft.com. The gist of the scam is that a critical update for Outlook, Windows or some other Microsoft application is available and should be installed immediately. Some reports describe emails carrying an attachment (the supposed fix); others describe emails containing links to downloadable content.

These links and attachments are not real fixes. They are typically trojans designed to turn your computer into a botnet slave.

Worse, these spoofed emails often address you by name, which makes them harder to distinguish from the real thing. It also suggests the mail may originate from the infected computer of someone who knows you and has your contact information.

You might have heard that Microsoft never sends out email about current or upcoming critical hotfixes. That is not true, and the fact that it does unfortunately makes the phishing attempts easier to pull off.

Here are the facts:

1) Microsoft does send out email alerts, but only to people who have opted in to receive them via Security, Technet, MSDN or Partners at microsoft.com. Each security email that Microsoft sends is signed with a certificate or PGP key (although it is up to the recipient to actually verify that signature against Microsoft's published key).

2) Such emails NEVER contain executable attachments of any kind. Nor do they contain links that directly download installable patches.

3) The emails usually contain links to online reports hosted on microsoft.com about the vulnerability or bug in question.
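As an added example (not part of the original post, and not anything Microsoft publishes), here is a small Python triage script that applies facts 2 and 3 mechanically to a suspected message: it flags executable attachments, links that point directly at an installable file, and links whose host is not actually microsoft.com (lookalikes such as update.microsoft.com.example.net fail that check). The sample message it builds is constructed for the demonstration, not a captured phish; the trusted-domain list and extension list are assumptions you would tune for your environment. It does not verify the PGP or S/MIME signature mentioned in fact 1, which still has to be checked separately.

```python
"""Triage a suspected Microsoft "critical update" email against the facts above:
no executable attachment, no direct patch-download link, links only to microsoft.com.
Signature verification (Microsoft's PGP / certificate signing) is NOT done here."""
import email
import email.policy
import os
import re
from email.message import EmailMessage
from urllib.parse import urlparse

# Assumption: genuine notices only link to this domain and its subdomains.
# Lookalikes such as microsoft.com.example.net or notmicrosoft.com must fail.
TRUSTED_DOMAINS = ("microsoft.com",)

# Assumption: extensions Windows will execute or install from a double-click.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                         ".vbs", ".js", ".msi", ".msp", ".hta"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def host_is_trusted(url: str) -> bool:
    """True only if the URL's host is microsoft.com or a real subdomain of it."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def is_installer_link(url: str) -> bool:
    """True if the URL path ends in something Windows would run or install."""
    path = urlparse(url).path.lower()
    return os.path.splitext(path)[1] in EXECUTABLE_EXTENSIONS


def analyze(raw: bytes) -> dict:
    """Parse a raw RFC 822 message and report which of the facts it violates."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings = {
        "executable_attachments": [],
        "installer_links": [],
        "untrusted_links": [],
        "trusted_links": [],
    }
    # Fact 2: genuine notices never carry executable attachments.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if os.path.splitext(name.lower())[1] in EXECUTABLE_EXTENSIONS:
            findings["executable_attachments"].append(name)
    # Facts 2 and 3: no direct patch downloads, and links go to microsoft.com.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;)")  # drop sentence punctuation glued to the link
        if is_installer_link(url):
            findings["installer_links"].append(url)
        if host_is_trusted(url):
            findings["trusted_links"].append(url)
        else:
            findings["untrusted_links"].append(url)
    suspicious = (findings["executable_attachments"] or findings["installer_links"]
                  or findings["untrusted_links"])
    findings["verdict"] = "phishing" if suspicious else "consistent-with-genuine-notice"
    return findings


def build_sample_phish() -> bytes:
    """Constructed sample (not a real captured phish): spoofed From:, executable
    attachment, lookalike download host, plus one genuine-looking link."""
    msg = EmailMessage()
    msg["From"] = "Microsoft Security <security@microsoft.com>"
    msg["To"] = "Jane Doe <jane@example.org>"
    msg["Subject"] = "Critical Outlook update - install immediately"
    msg.set_content(
        "Dear Jane,\n\n"
        "A critical Outlook update is attached. You can also download it from\n"
        "http://update.microsoft.com.example.net/OutlookFix.exe\n\n"
        "Details: https://www.microsoft.com/technet/security/\n")
    msg.add_attachment(b"MZ\x90\x00 not a real binary", maintype="application",
                       subtype="octet-stream", filename="OutlookFix.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for key, value in analyze(build_sample_phish()).items():
        print(f"{key}: {value}")
```

Note that the spoofed From: header is deliberately ignored: anyone can write security@microsoft.com there, so it carries no evidence either way. What the script looks at is the content Microsoft says it never sends. A message that passes these checks is not proven genuine; it has merely not failed the cheap tests, and the signature is still the thing to verify.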

What you should do:

If you know you've never signed up for such email notifications, delete any such unexpected emails you receive; don't open attachments or click links within them. Better still, zap them before opening or reading them at all.

Whether or not you remember signing up for these update emails from Microsoft, treat any such email with caution. My recommendation is not to click links in them at all, but instead to type the address of the official update.microsoft.com site into your browser yourself and see what updates are available. From there you can also reach the security bulletins or knowledge base articles about the updates.

Administrators for multiple systems should already know where to go to read about patch details for various operating systems and application groups.
