Win32/Haxdoor Email Scam: Don't be Fooled
Win32/Haxdoor Email Scam: Don't be Fooled
Submitted by Dennis Faas on Fri, 10/17/2008 - 08:00
A new variation of a fake Microsoft security notification email is reportedly being circulated.
Attackers appear to be taking advantage of Microsoft's Patch Tuesday to send legitimate looking emails claiming to be a security email from Microsoft with an executable file attached, which it claims is the latest security update. It encourages the recipient to run the attached executable so their computer will be safe.
The email is different than previous versions as it claims to be signed by Steve Lipner, an actual Microsoft employee, and has what appears to be a PGP signature block attached to it. The attached executable is actually malware containing Backdoor:Win32/Haxdoor.
Some Reminders From Microsoft
Microsoft NEVER sends attachments with their security notification emails. If you receive an email with an attachment claiming to be a Microsoft notification, delete it immediately. An authentic Microsoft security notification email directs you through links in the email to the online Security Bulletin. You should always get Microsoft updates through links in the security bulletin or through Microsoft's deployment tools (Microsoft Update or Windows Update, Windows Software Update Services (WSUS) or Systems Center Configuration Manager).
Microsoft security notification will always come in plain text format, not HTML. If a Microsoft security notification comes in HTML format, delete it.
Microsoft uses Pretty Good Privacy (PGP) to sign their security notification emails, but the mere presence of a PGP signature block in an email does not mean that the email is authentic. To authenticate a PGP signed email claiming to be from Microsoft, get a copy of their current PGP signature from TechNet Security and use the PGP software to check the PGP signature against their signature.
Every security notification email sent by Microsoft is ultimately sent from the TechNet security site. An example of the fake email, as well as an explanation of damage the malware can do is available from Trend Micro and Microsoft.
Visit Bill's Links and More for more great tips, just like this one!
Rate this article:
Category:
Need Help? Ask!
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.