Fake MS email

Started by Noreen, Feb 07, 2008, 10:20:22


Noreen

This was copied from another forum.
Quote
Fake Microsoft update

Researchers worldwide and VirusBuster customers alike reported malicious spam disguised as a Microsoft update message.

The message (quoted below) urges users to click on a link (or button) in order to install an "obligatory" Windows update. Though the URL referred to contains a section "update.microsoft.com" in the beginning, it ends in a completely different domain, such as "pid95.com". In fact it points to a malicious site using a wide range of IP addresses. A careful user can also discover a spelling error in the message: "intall".

Clicking on the link (or the button) will download a trojan dropper. The malicious code drops a driver component into the System folder (C:\WINDOWS\SYSTEM\aspimgr.exe), registers it as a server with the name "aspimgr" (displayed in the list as "Microsoft ASPI Manager").

VirusBuster detects both the downloaded trojan and the driver component as Trojan.PR.Agent.CWOJ.

The message text is as follows:

> URGENT: Please intall critical Windows XP/2000/2003/Vista update!
>
> Urgent Install Get critical update (obligatory)
>
> Concerned about privacy? When you check for updates, basic information
> about your computer, not you, is used to determine which updates your
> programs need. To learn more, see our privacy statement.

(Source: VirusBuster)
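The link check the advisory above describes, as an added example (not part of the original post or of VirusBuster's advisory): it compares the host a link really points to against a trusted domain instead of looking at how the URL begins. The allowlist, the function names and the sample links are assumptions constructed for illustration; only the "update.microsoft.com" prefix and the "pid95.com" ending come from the advisory.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain we treat as genuine.
TRUSTED_DOMAINS = ("microsoft.com",)


def effective_host(url):
    """Return the host a browser would actually connect to, or '' if none."""
    try:
        host = urlsplit(url.strip()).hostname  # lower-cased, port removed
    except ValueError:  # malformed authority, e.g. bad IPv6 brackets
        return ""
    return (host or "").rstrip(".")


def is_under(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify_link(url):
    """Classify a link as 'trusted', 'lookalike', 'other' or 'invalid'."""
    host = effective_host(url)
    if not host:
        return "invalid"
    if any(is_under(host, d) for d in TRUSTED_DOMAINS):
        return "trusted"
    # A trusted name that appears inside the host but is not its ending
    # is the pattern the advisory describes.
    if any(d in host for d in TRUSTED_DOMAINS):
        return "lookalike"
    return "other"


# Constructed sample links (the path and query parts are made up).
SAMPLES = [
    "http://update.microsoft.com/windowsupdate/",
    "HTTP://Update.Microsoft.COM:80/",
    "http://update.microsoft.com.pid95.com/?id=1",
    "http://notmicrosoft.com/update",
    "http://example.org/news",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):9}  {effective_host(link):32}  {link}")
```

The fourth sample shows why the comparison needs the leading dot: "notmicrosoft.com" ends with the trusted name as a string but is not a subdomain of it.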

Rik

Thanks, Noreen. The advice is, as always, don't trust links in emails. (Why don't people start using digitally signed mail?)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

madasahatter

The problem is that us "in the know" would immediately know this to be a crock of cack, but there will be so many people out there who wouldn't even think twice before clicking (I know at least one prime example) because it comes from MS - frightening really.

Rik

I know just what you mean, which is why I've long argued that people ought to take a basic proficiency test before being allowed on the 'net.

madasahatter

That would probably wipe out at least half the current users at a stroke  ;D

Rik

No bad thing, imo.  >:D

Noreen

What needs to be drummed into people is that MS NEVER send out security updates in emails.

Rik

Just as banks never ask you for login details in emails, Noreen. People don't seem to have learnt that one either. :(

madasahatter

One particular person I know (who shall remain nameless - I'll just say that she is blonde  >:D) will click on just about anything she sees - all the dodgy smiley links - every toolbar known to man and then some etc, and I am constantly sorting her PC out despite me telling her constantly to be careful, yet Windows security updates? No - she doesn't want them - she doesn't know what they will do and she's heard nasty things about them!!

I've tried to sort this out with her SO many times, but I can't get the message through that there is a direct link between her clicking on cr*p and her PC messing up - it's sheer coincidence in her book, because so and so has that toolbar/smiley etc and they have no problems..............

Still - I sorted the Windows updates - put them on automatic - I figure it's safer that way, and accepting the odd unwanted one, than not doing any at all. Now she wonders why sometimes things change, or the PC sometimes asks her to reboot it - I just smile and say that I'm not sure  >:D

Rik

Discreet - I like that. :)

Noreen

I don't really care about idiots mucking up their own computers but it's the fact that they can end up mucking up things for the rest of us that worries me. I also know people who never install the basic critical MS security updates and have heard of some people who use no form of anti-virus or anti-spyware software because they believe that it won't happen to them. ;D

Rik

You're right, Noreen - they are idiots and they do cause problems for the rest of us. :(

Gary

Quote from: Rik on Feb 07, 2008, 11:52:15
You're right, Noreen - they are idiots and they do cause problems for the rest of us. :(

Back to the dumb terminal, Rik? ;) People really do not realise what a time bomb the net is if you are stupid and don't try to even browse safely. I have washed my hands of some friends who year after year make the same mistakes without learning anything; seems protecting their PCs costs too much so they can't be bothered, and don't try googling free firewalls and AVs, though I'm not sure of the continued effectiveness of a free AV in this day and age now, but it's better than nothing.
Damned, if you do damned if you don't

Rik

I do still believe the dumb terminal to be a good idea, Gary, with full access to computers being dependent on having done the test. Sooner or later, I suspect this will become necessary rather than desirable.

Gary

Quote from: Rik on Feb 07, 2008, 12:02:03
I do still believe the dumb terminal to be a good idea, Gary, with full access to computers being dependent on having done the test. Sooner or later, I suspect this will become necessary rather than desirable.

I agree, Rik. The nature of the problem seems to be coming to light more and more with the likes of the storm worm and its botnet. Turns out the Russians seem to be protecting some of its authors, as the FBI know who they are but Russia won't help out; turns out the very organised crime there has friends in high places :( The net could be used for so much damage with a well placed DOS attack, let alone the risk to us; it is only time before users have to do a test, as you say. The terminal idea would solve so many issues for safety; I for one think it's a great idea.
Damned, if you do damned if you don't

madasahatter

Quote from: Noreen on Feb 07, 2008, 11:48:20
I don't really care about idiots mucking up their own computers but it's the fact that they can end up mucking up things for the rest of us that worries me.

Exactly. 8)

Simon

I think it's more ignorance through lack of knowledge, rather than stupidity, although there are some exceptions!  I agree with the idea of proficiency training, but I still think many people are running unprotected computers on the Internet, and if there was something built into Windows to prevent this, it would go a hell of a way towards helping the situation.

Noreen

A few years ago a similar misfortune befell two of my cousins. Both worked from home making much use of email yet neither used any anti-virus software. The computers of both of them eventually got infected and it was nearly disastrous for them. One was doing consultancy work for Shell and managed to infect the computer of a Shell director and the other was producing a small magazine and lost contact just prior to the print deadline. Needless to say they both use anti-virus programs now! ::)

Simon

The irony being, Noreen, they most probably infected each other!

Noreen

Actually no, Simon, they don't know each other. ;D


Rik

Quote from: Noreen on Feb 07, 2008, 23:57:53
Actually no, Simon, they don't know each other. ;D

My family was a bit like that. :)

Noreen

One was from my mother's family and the other was from my father's. :)

Rik

My mother had a step-father, so there are all sorts of branches of the family that I've never met. Unfortunately, I didn't note it all down when it was still possible to ask questions.

MoHux

Quote from: Simon on Feb 07, 2008, 20:40:18
I think it's more ignorance through lack of knowledge, rather than stupidity, although there are some exceptions!  I agree with the idea of proficiency training, but I still think many people are running unprotected computers on the Internet, and if there was something built into Windows to prevent this, it would go a hell of a way towards helping the situation.

There is Si - It's called 'User Access Control'.   The first thing we do is switch it off!!  :doh:
"It's better to say nothing and be thought an idiot - than to open your mouth and remove all doubt."