Fake Windows update ignored by Outlook's email defences

We’ve just received the following fake Microsoft message with a nasty file attachment. Though most email programs (including Outlook 2003 and 2007) block .exe file attachments by default, it’s surprising that the entire message doesn’t end up in the Junk Email folder. Just the presence of an ‘exe’ attachment should be enough to put most emails into the suspicious category.

If you see this message – or anything like it – just hit the delete key. It’s a total fake.

For obvious reasons, Microsoft never distributes updates via email. All updates are always via Windows/Microsoft Update or direct downloads from the Microsoft.com web site – any other ‘updates’ should be ignored.

As with the fake CNN emails, we’d expect to see variations on this type of junk email in the weeks ahead – so don’t just look out for this particular email – watch for it to evolve into other forms.

The current message supposedly comes from “Microsoft Update Center [[email protected]]” and contains an attachment, KB825559.exe (which you should NOT open).
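The check argued for above (an executable attachment alone should mark a message as suspicious) can be sketched with Python's standard `email` module. This is an added example, not code from the original article or from any mail product; the extension list and the `build_sample` helper, with its placeholder addresses, subject and payload bytes, are constructed assumptions.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions Windows runs directly (illustrative list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def suspicious_attachments(raw_bytes):
    """Return (filename, reason) for every attachment that looks executable."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also reaches attachments in nested parts
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").strip()
        if not name and part.get_content_disposition() != "attachment":
            continue  # ordinary body part
        # Windows ignores trailing dots and spaces, so "x.exe." still runs.
        ext = os.path.splitext(name.rstrip(". "))[1].lower()
        payload = part.get_payload(decode=True) or b""
        if ext in EXECUTABLE_EXTS:
            findings.append((name, "executable extension " + ext))
        elif payload[:2] == b"MZ":  # DOS/PE header behind a harmless name
            findings.append((name, "executable content, misleading name"))
    return findings


def build_sample(filename, payload):
    """Constructed message modelled on the one described; not the real mail."""
    m = EmailMessage()
    m["From"] = "Microsoft Update Center <sender@example.invalid>"  # placeholder
    m["To"] = "reader@example.invalid"
    m["Subject"] = "Security Update"  # constructed; the article gives no subject
    m.set_content("Dear Microsoft Customer, ...")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for fname, data in [("KB825559.exe", b"MZ\x90\x00"), ("notes.txt", b"hello")]:
        print(fname, suspicious_attachments(build_sample(fname, data)))
```

The second branch covers the evolution the article expects: the same payload sent under a harmless-looking file name.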

The message text:

Dear Microsoft Customer,

Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.

Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.

Since public distribution of this Update through the official website http://www.microsoft.com/ would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.

As your computer is set to receive notifications when new updates are available, you have received this notice.

In order to start the update, please follow the step-by-step instruction:

1. Run the file, that you have received along with this message.

2. Carefully follow all the instructions you see on the screen.

If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.

We apologize for any inconvenience this back order may be causing you.

Thank you,

Steve Lipner

Director of Security Assurance

Microsoft Corp.

-----BEGIN PGP SIGNATURE-----

Version: PGP 7.1

-----END PGP SIGNATURE-----