One MSUpdate You Don't Want!

If you religiously install all Microsoft Updates, then this is something you really need to be aware of before it is too late!

Here is a screenshot of something a little different I received in my inbox this evening, it is an e-mail that says it has been sent by 'Microsoft Corp':



This nicely formatted e-mail that says it has come from Microsoft and tells you that that 'Microsoft recommends that customers apply the update immediately following the links below corresponding to your system', there then follows three links to click on. However, clicking on any of the links in the e-mail takes you to the site shown in this screenshot:



How many of you would have believed that this is a screenshot of the real Microsoft Update site and then proceeded to download the 'Patch' offered?

Very convincing isn't it? Looks like the real thing... [almost as good as the YouTube one from yesterday!]

But it isn't the 'real' Microsoft Update site at all [or any other 'real' Microsoft site], and to make matters worse for anyone that believed it was the 'real' site and then downloaded the 'Patch' offered, not only didn't they download and install 'MS07-055', they now have an infected computer, just because they let misplaced trust in a company name [Microsoft] get the better of them.

I'll repeat what I wrote yesterday for the YouTube blog posting:

"It looks like the malware authors have been taking lessons from the Phishers, as this is a very well done 'Fake' site and using this level of social engineering means that more people will fall for this and infect their computers, which may well mean that if the malware offered is a bot, or proxy then the infected computer could soon be sending out lots of spam or taking part in a DDoS attack [Distributed Denial of Service]."

More data on the file and the level of detection when I first found it [very, very low], can be found here on my VSUB blog.

If you are going to install updates at least make sure they are genuinely from Microsoft and not a product of the Bad Guys and Girls who must have seen the last very effective use of this technique, as used by Swen... talk about Deja-vu! ;-)