Windows users – do you take your computer’s security seriously?
If so, you might decide to take prompt action when you receive an email seemingly from the Microsoft Digital Crimes Unit.
But that would actually be a big mistake.
You may remember that the Digital Crimes Unit at Microsoft are the folks who have worked hard to bring down botnet servers, including those associated with Zeus, and investigated suspected malware authors.
Here’s what today’s spammed-out email, which uses the subject line “Security”, looks like:
Dear Email User,
Due to a new vulnerability which is exploited by hackers to steal your online details.
Microsoft Digital Crimes Unit in 2013 has hereby developed a new security measure.
All users of the Internet and Microsoft products are hereby required to validate there email account information irregardless of their Internet service provider or Host company.
To validate your email account and to prevent hackers from exploiting the new vulnerability.
Please download the "Microsoft_STF" file attached, extract the file on to your desktop and open.Once done you will updated on Microsoft security database.
Please note that if your email is not validated, your email will be at risk for hackers getting into your personal or business email account there by getting access to classified or privileged information.
2013 Microsoft Digital Crimes Unit
Attached to the email is a file called Microsoft_STF_install.zip. And, according to the above email, “all users of the internet” should run the program to validate “there” (sic) email account.
Sounds serious, right?
Well, hopefully most of you will be rightly suspicious (even if it didn’t contain spelling mistakes) of the unsolicited email and too wise to blindly run a program just because of instructions which claim to come from Microsoft.
Sophos products detect the attached file as the Troj/Agent-AANA Trojan horse.
The irony of a cybercriminal attack posing as the Microsoft Digital Crimes Unit, and using the fear of vulnerabilities and malware infection to trick users into unwittingly compromising their Windows computers shouldn’t be lost on any of us.
Sadly, these kind of scare tactics are exactly the kind which will fool some people.
Be careful out there.
PS. You can read about the real Microsoft Digital Crimes Unit here.Follow @gcluley