Beware of messages apparently from Microsoft!

ZYRA's front page //// INTERNET //// e-mails //// site index

This item is a special feature of the ROGUES GALLERY OF SUSPICIOUS E-MAILS

Messages apparently from Microsoft should be considered with caution!

You receive a message from Microsoft Security and it has warnings about viruses, and it looks quite official. So, shouldn't you take their advice and run the attachment?! NO! DON'T DO IT! I can tell you now that this type of thing is not usually from Microsoft themselves but from various impersonators! Here's an example of the sort of thing:

<attachment: q216309.exe>

----- Original Message -----
From: Microsoft Corporation Security Center
To: Microsoft Customer
Sent: Tuesday, March 19, 2002 5:22 PM
Subject: Internet Security Update

Microsoft Customer,

this is the latest version of security update, the
known security vulnerabilities affecting Internet Explorer and
MS Outlook/Express as well as six new vulnerabilities, and is
discussed in Microsoft Security Bulletin MS02-005. Install now to
protect your computer from these vulnerabilities, the most serious of which
could allow an attacker to run code on your computer.

Description of several well-know vulnerabilities:

- "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment" vulnerability.
If a malicious user sends an affected HTML e-mail or hosts an affected
e-mail on a Web site, and a user opens the e-mail or visits the Web site,
Internet Explorer automatically runs the executable on the user's computer.

- A vulnerability that could allow an unauthorized user to learn the location
of cached content on your computer. This could enable the unauthorized
user to launch compiled HTML Help (.chm) files that contain shortcuts to
executables, thereby enabling the unauthorized user to run the executables
on your computer.

- A new variant of the "Frame Domain Verification" vulnerability could enable a
malicious Web site operator to open two browser windows, one in the Web site's
domain and the other on your local file system, and to pass information from
your computer to the Web site.

- CLSID extension vulnerability. Attachments which end with a CLSID file extension
do not show the actual full extension of the file when saved and viewed with
Windows Explorer. This allows dangerous file types to look as though they are simple,
harmless files - such as JPG or WAV files - that do not need to be blocked.

System requirements:
Versions of Windows no earlier than Windows 95.

This update applies to:
Versions of Internet Explorer no earlier than 4.01
Versions of MS Outlook no earlier than 8.00
Versions of MS Outlook Express no earlier than 4.01

How to install
Run attached file q216309.exe

How to use
You don't need to do anything after installing this item.

For more information about these issues, read Microsoft Security Bulletin MS02-005, or visit link below.
http://www.microsoft.com/windows/ie/downloads/critical/default.asp
If you have some questions about this article contact us at rdquest12@microsoft.com

Thank you for using Microsoft products.

With friendly greetings,
MS Internet Security Center.
----------------------------------------
----------------------------------------
Microsoft is registered trademark of Microsoft Corporation.
Windows and Outlook are trademarks of Microsoft Corporation.

Don't be fooled by this! For one thing, Microsoft doesn't send spam to loads of random e-mail addresses. Messages that were from the actual Microsoft would have your personalised contact in. There are also linguistic clues in the letter, but the real giveaway clue is that Microsoft would not ask you to run a .EXE file in an e-mail attachment!

Special points of guilt and innocence on this: I know a lot of us aren't happy with Microsoft because they're trying to take over the world and/or because we don't think the software is very good, but on this "Microsoft message" here, Microsoft is NOT GUILTY! So, don't blame them! Also, curious as it may seem, if you catch the person who sent you the message, they are innocent too! In fact, if you have been conned by the message and run the attachment you'd now be an inadvertent sender of such messages as your computer would be infected with a virus which would use your contact list and send the message to all the people in your address book!

What to do about this if you receive such a message: Forward a copy to Microsoft at a generic Microsoft e-mail address, then have a look at "properties" and "details" and find out who actually sent you the message. This will almost certainly be some unsuspecting person who has been caught out by the trick. Write a polite e-mail to this person telling them that their computer has caught a virus because they ran an attachment in a bogus e-mail pretending to be from Microsoft. They'll probably thank you for it and forward a note on to whoever sent them the hoax message too!

But what about the GENERAL CASE? How can you tell if any message is or is not genuine? One of the easiest ways is to copy unique-looking bits of the message into a search engine and see if anyone has written about it being a hoax. A cleverer approach is to look at who the message appears to be from and then contact them by a method other than those described in the message. Ideally, when making your mind up about the truth or falsehood of things, get several independent sources of information about them.

Also see: anti-virus measures

Also see the Yahoo Games Screensaver message

News 2003/09: Another Microsoft Hoax! See Microsoft Cumulative Patch

News 2004/01: Yet Another! See Windows XP Service Pack 1 (Express) - Critical Update.

Interesting News 2008/10: Antivirus software sometimes doesn't spot these things! See Steve Lipner says "Dear Microsoft Customer"...