
Faked Microsoft email in circulation

Warning: We caught an email which slipped through our spam filter and most likely contains a link to harmful software. It offers you an IE7 download. Read on for what our investigation found.

The email is not from Microsoft and you shouldn't click any link offering IE7, as those downloads are only available from Microsoft!

See the following screenshots for detailed information:

This is how Outlook displayed the email in my message list:

Malicious Email

Microsoft sends emails differently. They don't send newsletters from @microsoft.com. The next screenshot shows you a legitimate Microsoft sender address:

Legitimate Microsoft sender address

You should be suspicious of every email which shows just an image file and nothing else. Outlook blocks those image files for security reasons:

Malicious Email

Why hasn't the email been caught by our spam filter? Well, we'll show you the technique used to bypass spam filters and pretend to be a legitimate email.

First I moved the suspicious email into the Junk folder, and what a "surprise": the link has nothing to do with Microsoft. Once the email was in the Outlook Junk folder, the real link target became obvious: tvz-archive.com

Malicious email - the link

I checked the domain and got to the following site. Of course I didn't click the link!

Malicious email - homepage

The Whois entry shows:

Malicious email - Whois entry

Here you can see why the email was missed by the spam filters. We checked the source code of the email and found a lot of text which was never meant to be displayed to the reader, only to con the spam filter. Below is some of the text to give you an idea how it works:

Well, I've made it through my first two weeks back to work and I've
survived!! LOL (I had tendon repair and a tenosynovectomy on my PT
When I saw my surgeon on the 3rd of April, he told me that I could
(geez, I needed the directions to remember how to put the darn thing
on!) I have to wear the boot when I go out anywhere for awhile yet.
huh?...go back to work for 2 weeks and have a week off! ) I really
wasn't ready for a week off after being off for over 8 weeks. (geez, I
can't believe I'm saying that!!!)
I've been walking around with the soft tie up support brace in my
didn't work either. The good news is that with just the brief amounts
of time, I've been without the boot, I've been better able to walk
off balance because of the weakness. It's 10 weeks since my
surgery...the surgeon says the 6 month mark will mean I'm half way
I'd appreciate any suggestions in regard to shoes, how to get around
with just the tie-up support and anything else. I will be starting PT
spring weather coming in!
Thanks everyone! Hope you're all having a great spring!!
Carol

Hallo Leute,

ich hab mal 'ne Frage.
nicht von den Tabletten, von mir. Die Frage ist, kann sie auf Fahrten weiterhin
diese Pillen nehmen (oder auch die Kaugummis gleicher Wirkung), oder sind da
irgendwelche Wirkstoffe drin, die man im Interesse des Kindes meiden sollte?

bedeutet. Ist das in der BRD auch so? Irgendwie kommt es uns albern vor, dass
man am Tage der Empfaengnis bereits in der zweiten Schwangerschaftswoche ist.

Soviele Fragen!


Vielen Dank im Voraus und 'tschuldjung fuer die leicht konfuse
Themenzusammenstellung.

Christian

 Hallo Christof,
in einer Nachricht vom 07 Feb 96 schriebst Du an Alle :

CG> Kann mir jemand ein gutes und (leicht) verstaendliches Physiologie-Buch
CG> empfehlen? Achtung, ich bin Biologe und kein Mediziner :)

Versuch's mal mit Silbernagel/Despopoulos : Taschenatlas der Physiologie
Thieme-Verlag

Tschoe,
Birgit

Within the source code we found the following links: one which would bring you to the malicious IE7 download, and one from which the IE7 image file is loaded:

Malicious email - links

The displayed image file would look like this one:

Malicious email - image file

As you can see, this is not a legitimate Microsoft email. You must not click on any links within such an email, and you should not download IE7 from a source other than Microsoft itself.
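The three body-level signs described above (an image-only message, text that is never displayed, and a link that does not lead to the claimed sender) can be checked automatically. The following is an added example, not code from the original page; the MIME layout (filler in a text/plain part next to an image-only HTML part) and the example.net hosts are assumptions, since the page does not show the raw source.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: MIME layout and example.net hosts are assumptions.
RAW = """\
From: Microsoft <news@microsoft.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Thanks everyone! Hope you're all having a great spring!!
--b1
Content-Type: text/html; charset="us-ascii"

<html><body><a href="http://download.example.net/ie7">
<img src="http://images.example.net/ie7.gif"></a></body></html>
--b1--
"""

class BodyScan(HTMLParser):
    # Collects what the reader would see (words, images) and where links go.
    def __init__(self):
        super().__init__()
        self.words, self.images, self.hrefs = [], 0, []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        self.images += tag == "img"
        if tag == "a" and attrs.get("href"):
            self.hrefs.append(attrs["href"])
    def handle_data(self, data):
        self.words += data.split()

def analyse(raw):
    msg = message_from_string(raw, policy=policy.default)
    claimed = msg["From"].addresses[0].domain.lower()  # domain the mail claims
    plain = msg.get_body(preferencelist=("plain",))
    html = msg.get_body(preferencelist=("html",))
    scan = BodyScan()
    scan.feed(html.get_content() if html else "")
    findings = ["image_only_html"] if scan.images and not scan.words else []
    # Text exists in the message, but the HTML view shows none of it.
    if plain and not scan.words and plain.get_content().split():
        findings.append("undisplayed_text_part")
    for href in scan.hrefs:
        host = (urlparse(href).hostname or "").lower()
        if host != claimed and not host.endswith("." + claimed):
            findings.append("link_host_mismatch:" + host)
    return findings
```
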

We did some more digging:

Here is the header of the malicious email. It shows the "Return-Path", the server we received the email from, and the IP address where the email is supposed to have originated. Even the originating email address was faked: our client's address was used as the sender address.

Email header information

A whois query for the originating IP does not resolve. There is no such IP address.

The header entry shows a domain in Belgium (.be) as the return path. A Whois query for it shows a server in Switzerland:

Return-Path Whois entry

A Whois query for the sending IP resolves to Colombia.

Received-From Whois entry
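The header inconsistencies walked through above can be checked in a few lines before any Whois lookup. This is an added example, not part of the original page; all domains and IP addresses are constructed placeholders, and the X-Originating-IP header name and the reading of "no such IP address" as a syntactically impossible address are assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed headers: every domain and IP below is a placeholder, and the
# X-Originating-IP header name is an assumption (the page does not name it).
RAW_HEADERS = """\
Return-Path: <bounce@mailer.example.be>
Received: from host.example.net (unknown [203.0.113.25])
    by mx.example.org with SMTP; Mon, 01 Jan 2007 10:00:00 +0000
X-Originating-IP: [312.45.10.7]
From: Microsoft <news@microsoft.com>
To: client@example.org
Subject: Internet Explorer 7

"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def is_valid_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:  # e.g. an octet above 255
        return False

def check_headers(raw):
    msg = message_from_string(raw)
    findings = []
    from_dom, rp_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    # Bounces go to a domain unrelated to the one shown to the reader.
    if rp_dom and rp_dom != from_dom and not rp_dom.endswith("." + from_dom):
        findings.append(f"return_path_mismatch:{rp_dom}")
    for value in msg.get_all("X-Originating-IP", []):
        findings += [f"invalid_originating_ip:{ip}"
                     for ip in BRACKETED_IP.findall(value) if not is_valid_ip(ip)]
    # Only the topmost Received line was written by our own mail server; its
    # bracketed IP is the peer that really connected and the one worth a whois.
    received = msg.get_all("Received", [])
    peer = BRACKETED_IP.search(received[0]) if received else None
    return findings, peer.group(1) if peer else None
```
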

A lot of weird entries. However, be careful if you receive such or similar emails and never download IE from a source other than Microsoft. You never know what somebody might have added to such a faked version.


Disclaimer - This newsletter is a free service providing information only. While we use reasonable care to see that this information is correct, we do not guarantee it for accuracy, completeness or fitness for a particular purpose. The Virtual Workforce Company Ltd. shall not be liable for damages of any kind in connection with the use or misuse of this information.

