REPORT SUMMARY
Date Reported: 26th January 2004
Apparent Sender: Microsft
Subject: Security warning
Sender's Address (spoofed): Security-center (security-center@microsoft.com)
Content: HTML message with a heavily disguised link to a forged Microsoft web page, and which uses URL spoofing to add a sense of authenticity (see image)
Spoofed Web page/site?: Yes
Web page/site content: forged Microsoft page
Web page/site origin: SPOOFED URL http://microsoft.com; TRUE URL http://d2341647.u35.worldispnetwork.com/update/
Identity Theft method: Deposits a virus (possibly the W32.Mimail.J@mm virus) on users' computers
Microsoft Security warning - Email Hoax
26th January 2004
This Microsoft Email Hoax suggests that you visit a web page to download a cumulative security update patch ... but it is a hoax. The email supplies a link and a 'Go to download page' button which it insists you use to protect yourself against the W32.Swen.A@mm virus. The link and button use cloaking to disguise their true destination. Antivirus software has had updated definitions to combat this virus since September, so the risk of infection is low so long as your antivirus program is up to date.
The link and button have also been coded to use URL spoofing, which forces Internet Explorer browsers to show a URL in the address bar that differs from the true location of the page being displayed (in this case, you would see http://www.microsoft.com, whereas the true location is http://d2341647.u35.worldispnetwork.com/update/).
This bug has been increasingly exploited by email scammers of late, and we eagerly await a patch from Microsoft. The vulnerability can also allow a fake URL to be shown in the status bar of Microsoft Outlook and browser products (while holding the cursor over the link). We have set up a Browser Test cloaked link which you can use to see if your browser is vulnerable. You can also check links in emails or web pages for cloaking using our Link Checker, and you can check for URL spoofing while at a web page using our URL Checker (which will also reveal the true origin of the web page that you are viewing).
The forged web page had been closed by the time that we had received the first report of this hoax, but we believe that it would have led you to a download for a recent virus. We will update this page when further validated information is available.
If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content, or with the same content but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is commonplace to receive at least one more, usually a day or two after the first, although not necessarily from the same apparent sender. Take a good look at the following images, because this email scam may be coming to an inbox near you!
The Email ...