This just came through to my inbox. Fortunately, Small Business Server 2003’s Exchange filtering snagged the executable but thought this is worth touching on. Never run an executable from anyone you haven’t explicitly requested it from.
You can see from the headers of this message that it really came from a Yahoo mail server, not Microsoft. I found this one interesting that they are beginning to fake out the PGP key and even took the time to use Steve Lipner’s name in it. Pretty creative, but still a bunch of baloney. – Steve
Microsoft Mail Internet Headers Version 2.0
thread-index: Ackrxj/LwJkXJhdjTIq3Bk8lpONEJw==
Received: from static235-3.adsl.no ([213.161.235.3]) by corp.banksnw.com with Microsoft SMTPSVC(6.0.3790.3959); Sat, 11 Oct 2008 10:24:41 -0700
Received: from [213.161.235.3] by b.mx.mail.yahoo.com; Sat, 11 Oct 2008 18:24:42 +0100
Message-ID: <01c92bce$a0ee5100$03eba1d5@03DNAG1>
From: “Microsoft High-priority update” <customerservice@microsoft.com>
To: <steve@banksnw.com>
Content-Transfer-Encoding: 7bit
Subject: Security Update for OS Microsoft Windows
Date: Sat, 11 Oct 2008 18:24:42 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary=”—-=_NextPart_000_0006_01C92BCE.A0EE5100″
Content-Class: urn:content-classes:message
X-Priority: 3
Importance: normal
Priority: normal
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.2106.4
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4325
Return-Path: <03DNAG1@yahoo.com>
X-OriginalArrivalTime: 11 Oct 2008 17:24:42.0354 (UTC) FILETIME=[3F5FED20:01C92BC6]
X-TM-AS-Product-Ver: SMEX-7.5.0.1243-5.5.1027-16212.000
X-TM-AS-Result: No–22.286100-5.000000-31
X-TM-AS-User-Approved-Sender: No
X-TM-AS-User-Blocked-Sender: No
——=_NextPart_000_0006_01C92BCE.A0EE5100
Content-Type: text/plain;
charset=”Windows-1252″
Content-Transfer-Encoding: 7bit
——=_NextPart_000_0006_01C92BCE.A0EE5100
Content-Type: text/plain;
name=”RemovedAttachments002.txt”
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename=”RemovedAttachments002.txt”
——=_NextPart_000_0006_01C92BCE.A0EE5100–
—–Original Message—–
From: Microsoft High-priority update [mailto:customerservice@microsoft.com]
Sent: Saturday, October 11, 2008 10:25 AM
To: Steven Banks
Subject: Security Update for OS Microsoft Windows
Dear Microsoft Customer,
Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.
Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.
Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.
As your computer is set to receive notifications when new updates are available, you have received this notice.
In order to start the update, please follow the step-by-step instruction:
1. Run the file, that you have received along with this message.
2. Carefully follow all the instructions you see on the screen.
If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.
We apologize for any inconvenience this back order may be causing you.
Thank you,
Steve Lipner
Director of Security Assurance
Microsoft Corp.
—–BEGIN PGP SIGNATURE—–
Version: PGP 7.1
TLG52OUNH1ZE78UC9M3JL34R9RXTPT38TDP3DK09RJJ1E9305S400UA96V8NEVBPT
Y57343V8GJE4SL8JM3J39GAKNRK82WRH19IF566HLV8AM3SOCE52M12LHS9NKH899
J512NAX08TP9LE56GCNX3CN39AKLV44YKA2RYUMRK442ISYAQKYG85J5UN41TW5G4
C92RNORH2JFSI7SCIOBDDAWPTL8JO9VXH3XSE4S7SJO33XCED3YUAB8ZGJ4GCOBP3
8JLFYB93MBKN1SSL2ZMKIFB8619TDPDJEEY==
—–END PGP SIGNATURE—–
The one I got yesterday had a hotmail server as opposed to a yahoo one but using the properties for the email I found that the message content was the same as you posted.
I knew something was up when I 1st saw it but I wanted to check out the properties of it before I deleted it just to see where it came from. I never actually even opened up the email. As SOP, I don’t even have the “preview screen” “turned-on” but I did notice it had an attachment but I didn’t do the properties of it b/c I didn’t even open up the email.
Hello!!! msmvps.com is one of the most outstanding innovative websites of its kind. I enjoy reading it every day. All the best.