Possible Spam from Microsoft poser?

[caysimpson]

My boss received an email in his Junk folder that says it's from Microsoft.
I'll copy some if it here except the links and urls in case it is spam. We
have automated updates - wouldn't this fall under that category? Any
suggestions would be welcome. Here's part of the email message:
Critical Update
Update for Microsoft Outlook / Outlook Express (KB910721)
Brief Description
Microsoft has released an update for Microsoft Outlook / Outlook Express.
This update is critical and provides you with the latest version of the
Microsoft Outlook / Outlook Express and offers the highest levels of
stability and security.
Instructions
*To install Update for Microsoft Outlook / Outlook Express (KB910721) please
visit Microsoft Update Center:
This is where it gives the URL.

 

[F.H. Muffman]

My boss received an email in his Junk folder that says it's from
Microsoft.
I'll copy some if it here except the links and urls in case it is
spam. We have automated updates - wouldn't this fall under that category? Any
suggestions would be welcome. Here's part of the email message:
Critical Update Update for Microsoft Outlook / Outlook Express (KB910721)
Brief Description Microsoft has released an update for Microsoft Outlook / Outlook
Express. This update is critical and provides you with the latest version of
the Microsoft Outlook / Outlook Express and offers the highest levels of
stability and security.
Instructions
*To install Update for Microsoft Outlook / Outlook Express (KB910721)
please visit Microsoft Update Center:
This is where it gives the URL.

While I'm pretty sure that Microsoft doesn't generally send out emails regarding
critical updates, it's pretty easy to tell if its a valid email or not.

Look at the header.
Look at the url.

Is the url going to a microsoft.com address?

 

[caysimpson]

See, that's where it gets tricky. The beginning part of the url is
update.microsoft.com.ikl1l1.com/microsoftofficeupdate/isapdl/.... then a lot
of other stuff - does this appear correct?

 

[F.H. Muffman]

See, that's where it gets tricky. The beginning part of the url is
update.microsoft.com.ikl1l1.com/microsoftofficeupdate/isapdl/....
then a lot of other stuff - does this appear correct?

No, it most definitely does not.

Think of it this way.

Everything up to that little forward slash, the /, is the address the url
is going to.

So, take out everything after the /.

Just because 'microsoft.com' is in there somewhere doesn't make it a
microsoft.com address.

Domain names are read from right to left, least general to most general
(although they aren't spoken that way).

So, compare update.microsoft.com to update.microsoft.com.ikl111.com.

See the difference?

 

[caysimpson]

Thanks! That's kind of what I thought, but I wanted to be certain. Many
thanks for answering my question.

 

[Tom Willett]

MS does not sent attachments by email.
This is a spam with malware attached. If you run it, your computer will be
infected by this new scam.

: My boss received an email in his Junk folder that says it's from
Microsoft.
: I'll copy some if it here except the links and urls in case it is spam.
We
: have automated updates - wouldn't this fall under that category? Any
: suggestions would be welcome. Here's part of the email message:
: Critical Update
: Update for Microsoft Outlook / Outlook Express (KB910721)
: Brief Description
: Microsoft has released an update for Microsoft Outlook / Outlook Express.
: This update is critical and provides you with the latest version of the
: Microsoft Outlook / Outlook Express and offers the highest levels of
: stability and security.
: Instructions
: *To install Update for Microsoft Outlook / Outlook Express (KB910721)
please
: visit Microsoft Update Center:
: This is where it gives the URL.

 

[N. Miller]

My boss received an email in his Junk folder that says it's from Microsoft.
I'll copy some if it here except the links and urls in case it is spam. We
have automated updates - wouldn't this fall under that category? Any
suggestions would be welcome.

I get Microsoft Security Bulletins because I subscribed to receive them.
They never contain attached files, only links to KB articles about Critical
Updates. Microsoft ***NEVER*** sends updates as attached files; not even
through their subscription Security Bulletins. Certainly not unsolicited!

 

[N. Miller]

Thanks! That's kind of what I thought, but I wanted to be certain. Many
thanks for answering my question.

Also, beware of masked links. When reading email with HTML active, there are
tricks which will hide the actual destination link, leaving only an
apparently safe link visible.

 

[F.H. Muffman]

I get Microsoft Security Bulletins because I subscribed to receive
them. They never contain attached files, only links to KB articles
about Critical Updates. Microsoft ***NEVER*** sends updates as
attached files; not even through their subscription Security
Bulletins. Certainly not unsolicited!

True, I should have included that 'unsolicited' caveat, tho I must have missed
something. Where did the original poster mention attachments? You're the
second person to point out that MS never puts attachments on their mails...

 

[Tom Willett]

As has been reported in these newsgroups, as well as if you Google the KB
number, you'll find this is a spam with a virus.

:
: True, I should have included that 'unsolicited' caveat, tho I must have
missed
: something. Where did the original poster mention attachments? You're the
: second person to point out that MS never puts attachments on their
mails...
:
: --
: f.h.
: Microsoft Outlook MVP
:
:

 

[VanguardLH]

See, that's where it gets tricky. The beginning part of the url is
update.microsoft.com.ikl1l1.com/microsoftofficeupdate/isapdl/.... then a lot
of other stuff - does this appear correct?

How is that "tricky"? Does ikl1l1.com even hint to you that it belongs
to Microsoft?

 

[HarryP]

How is that "tricky"?  Does ikl1l1.com even hint to you that it belongs
to Microsoft?

People don't understand URLS. Read from the right to left, starting
at the first slash, people. I can put anything I want before that.
Http://officialwebsite.whitehouse.gov.yaaarrr.piratesden.tv/isapi/yourescrewed.aspx



I am getting 3 or 4 of these damn things a day on my work email. I
did a search for ikl1l1.com in Network Solutions' WhoIs database, and
this is the information:

Domain Name: IKL1L1.COM

Registrant [1940504]:
Nancy Villalobos (e-mail address removed)
178 Jim Cannon Road
Collins
GA
30421
US

It may be a mobile home - the lot (with no house) was for sale a year
ago for $22,000.

Anybody want to knock on this woman's door and give her a message from
the rest of us? (of course, the address may be fake, too)

 

[daviddpope]

I too received this microsoft outlook e mail and opened it before realising
that it was spam rather than a real update. Now my computer is much slower
and if I close out a web page I then receive a message saying "Internet
explorer has encountered a problem and needs to close. We are sorry for any
inconvenience" I then click on the close button and all my running programmes
close down and I am not able to re launch internet explorer until I have re
booted my computer. Is there a solution to this problem.

 

[F.H. Muffman]

I too received this microsoft outlook e mail and opened it before

realising that it was spam rather than a real update. Now my computer
is much slower and if I close out a web page I then receive a message
saying "Internet explorer has encountered a problem and needs to
close. We are sorry for any inconvenience" I then click on the close
button and all my running programmes close down and I am not able to
re launch internet explorer until I have re booted my computer. Is
there a solution to this problem.

If this is a work computer, I'd bring it to your IT department, tell them
what you did, and ask them to clean the system up.

If this is your computer, I'd run the A/V software and tell it to do a deep
scan of the hard drive. Get Spypot S&D (http://www.safer-networking.org/),
Ad-Aware (http://www.lavasoft.com), Windows Defender (http://www.microsoft.com/windows/products/winfamily/defender/default.mspx).


I'd also try posting in a newsgroup specific to your operating system, since
this isn't really an outlook issue anymore.

 

[daviddpope]

Thank you for your swift response. I will take your advice . Many thanks.
Regards