Windows users – do you take your computer’s security seriously?
If so, you might decide to take prompt action when you receive an email seemingly from the Microsoft Digital Crimes Unit.
But that would actually be a big mistake.
You may remember that the Digital Crimes Unit at Microsoft are the folks who have worked hard to bring down botnet servers, including those associated with Zeus, and investigated suspected malware authors.
Here’s what today’s spammed-out email, which uses the subject line “Security”, looks like:
Dear Email User,
Due to a new vulnerability which is exploited by hackers to steal your online details.
Microsoft Digital Crimes Unit in 2013 has hereby developed a new security measure.
All users of the Internet and Microsoft products are hereby required to validate there email account information irregardless of their Internet service provider or Host company.
To validate your email account and to prevent hackers from exploiting the new vulnerability.
Please download the "Microsoft_STF" file attached, extract the file on to your desktop and open.Once done you will updated on Microsoft security database.
Please note that if your email is not validated, your email will be at risk for hackers getting into your personal or business email account there by getting access to classified or privileged information.
2013 Microsoft Digital Crimes Unit
Attached to the email is a file called Microsoft_STF_install.zip. And, according to the above email, “all users of the internet” should run the program to validate “there” (sic) email account.
Sounds serious, right?
Well, hopefully most of you will be rightly suspicious of the unsolicited email (even if it didn’t contain spelling mistakes), and too wise to blindly run a program just because of instructions which claim to come from Microsoft.
Sophos products detect the attached file as the Troj/Agent-AANA Trojan horse.
The irony of a cybercriminal attack posing as the Microsoft Digital Crimes Unit, and using the fear of vulnerabilities and malware infection to trick users into unwittingly compromising their Windows computers, shouldn’t be lost on any of us.
Sadly, these kinds of scare tactics are exactly the kind which will fool some people.
Be careful out there.
PS. You can read about the real Microsoft Digital Crimes Unit here.
7 comments on “Malware attack poses as security warning from Microsoft Digital Crimes Unit”
Why did you filter out the from address?
Because it might be an innocent party. And it’s child’s play for the bad guys to change it anyway.
Another way to know this scam— old Xp and Microsoft Logo.
The likelihood that recipients don't know enough NOT to open attachments to unsolicited messages is bad enough. Additionally, there's the unhappy fact that due to widespread illiteracy, vast numbers of people aren't even able to recognize the semantic and syntactic errors in the message—misspellings, incomplete sentences, phony words.
I presume the authors of such spamular garbage are too stupid to know any better. But it's a doggone shame that the way the spam is written probably won't tip itself off to those who don't know that "irregardless" isn't a real word, and can't spot the other illiterate clues in the spam. Illiteracy creates victims.
For me, the very poor English used in the message would be a giveaway that the email was bogus. I would think that the message was written by kids.
Has anyone reported receiving an email similar to this from Hewlett Packard regarding printer security? I received one this morning and it has no logo and just does not look right at all…I have a $30 printer anyway…how could it be in danger of a security breach?!
Microsoft contacts people for one reason – as a follow-up on an issue you've contacted them about and that's it.
I've told my friends and family this many, many times. And told them to tell everybody they can get to listen.