Published on Maximum PC (http://www.maximumpc.com)


Fake Microsoft Security Update Email Includes Haxdoor Trojan
Created 10/16/2008 - 1:07pm


Posted 10/16/08 at 04:07:25 PM  by Mark Edward Soper


Haxdoor Trojan's again on the loose - thanks to a fake security email

I know it, you know it, almost everybody that reads Maximum PC knows it - but that doesn't mean that your family, your co-workers, or your bosses know it. What's it? Simply this: Microsoft never - repeat never - sends out security updates via email.

CNET reports that yet another fake security email purporting to be from Microsoft is busy delivering a nasty Trojan called Haxdoor to unwary emailboxes near you.

The email, ironically enough, claims that "Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users." And it's signed "Steve Lipner, Directory of Security Assurance, Microsoft Corp."

Well, at least the bad guys got Steve's name right. However, he's actually senior director of security engineering strategy in Microsoft’s Trustworthy Computing Group, according to a recent interview.

The message (minus the Trojan, of course) is available at the Microsoft Malware Protection Center blog, where you can see for yourself the classic hallmarks of a fake message: a shaky command of the English language, sentence construction that's so stiff it looks as if it belongs on a Victorian-era calling card, and off-the-wall sentiments that show it was adapted from a different con job document: "We apologize for any inconvenience this back order may be causing you." Back order? Whaat? I didn't order any malware!

If you've been called in by baffled family, friends, or co-workers only after Haxdoor's done its work (system slowdowns, popup ads and other nasty business are typical symptoms), check these links for help:

  • Microsoft Malware Protection Center writeup 
  • F-Secure writeup
  • Symantec writeup and free removal tool
  • Sunbelt Software writeup
  • Sophos Software writeup

After you solve the problem, remind them: Microsoft never - repeat never - sends out security updates via email.

Know somebody who's been hexed by Haxdoor? Have a clever way to get rid of it? Seen other recent examples of Haxdoor fakery? Hit Comment and share your stories.

TAGS: microsoft, Security, malware, Trojan, social engineering, fake email, Haxdoor
Future © 2009 Future US, Inc. All Rights Reserved.

Source URL: http://www.maximumpc.com/article/news/fake_microsoft_security_update_email_includes_haxdoor_trojan

Links:
[1] http://www.maximumpc.com/user/marcus_soperus
[2] http://news.cnet.com/8301-1009_3-10066541-83.html
[3] http://www.microsoft.com/security/portal/Entry.aspx?Name=Backdoor:Win32/Haxdoor
[4] http://www.microsoft.com/
[5] http://www.microsoft.com/presspass/features/2008/sep08/09-16lipnersdl.mspx
[6] http://blogs.technet.com/mmpc/archive/2008/10/13/email-scam-targets-microsoft-customers.aspx
[7] http://www.f-secure.com/v-descs/haxdoor.shtml
[8] http://www.symantec.com/security_response/writeup.jsp?docid=2006-072413-3859-99
[9] http://www.symantec.com/security_response/writeup.jsp?docid=2007-011109-2557-99
[10] http://research.sunbelt-software.com/threatdisplay.aspx?name=Haxdoor.Fam&threatid=44159
[11] http://www.sophos.com/security/analyses/trojhaxdoorin.html
[12] http://www.maximumpc.com/article/news/malware_miscreants_selling_trojan_guaranteed_evade_detection
[13] http://www.maximumpc.com/article/news/malware_rise_blogspot_no_1_offender
[14] http://www.maximumpc.com/article/news/most_malware_served_up_legit_websites_that_have_been_compromised