Blog for hpHosts, and whatever else I feel like writing about ....

Thursday, 9 October 2008

Microsoft Official Update Center

Created September 19th (according to PEInfo), you'd normally assume that detection for this would be fairly good by now. However, looking at the current detections on VirusTotal, shows this is not the case - detection is still disturbingly abismal;

http://www.virustotal.com/analisis/1f99ab04bd9d2479c8a5a1df3edf6878

The e-mail I received a few minutes ago, shows it's also still doing the rounds, and surprisingly, the file is the same as it was previously (KB218591.exe).

Exported by: Outlook Export v0.1.2


From: Microsoft Official Update Center
E-mail:securityassurance@microsoft.com [ 207.46.232.182 - Resolution failed ]
Date: 10/10/2008 00:36:19
Subject: Security Update for OS Microsoft Windows
**************************************************************************
Links
**************************************************************************

Link: hxxp://www.microsoft.com
Domain: www.microsoft.com
IP: 207.46.19.190 [ wwwbaytest1.microsoft.com ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: false


**************************************************************************
Text Version
**************************************************************************
Dear Microsoft Customer,

Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.

Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.

Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.

As your computer is set to receive notifications when new updates are available, you have received this notice.

In order to start the update, please follow the step-by-step instruction:
1. Run the file, that you have received along with this message.
2. Carefully follow all the instructions you see on the screen.

If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.

We apologize for any inconvenience this back order may be causing you.


Thank you,

Steve Lipner
Director of Security Assurance
Microsoft Corp.


-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

MGE2P47S4M69AV9TW6GL07KNEW3W1M230K93QOSJT57OT3OFG0XXGLOV8S5Z36DA4
U7PLU5JNVT0E86RI7AP7NX0CVTY8M3H3B59UJV7LUJTXTKEMQVK264JG2IDZSOGD1
IRL2T9VYP9SPOSNBHPQO37FO0HPL79Z6S6D03PVJ96B4JHN3VJHWJA9SB4S65DHGK
YO857A31BH1ZXYCY7W0DIDF8E5FI1PCDM7FUV9FADHIESLK8RPI3S0K3V1B8CQT8Q
21705HO3JPKRKZGGKXK82AKHMT3ZY7ISOZT==
-----END PGP SIGNATURE-----


**************************************************************************
HTML Version
**************************************************************************
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7036.0">
<TITLE></TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->

<P><FONT SIZE=2>Dear Microsoft Customer,<BR>
<BR>
Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.<BR>
<BR>
Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.<BR>
<BR>
Since public distribution of this Update through the official website <A HREF="http://www.microsoft.com">http://www.microsoft.com</A> would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.<BR>
<BR>
As your computer is set to receive notifications when new updates are available, you have received this notice.<BR>
<BR>
In order to start the update, please follow the step-by-step instruction:<BR>
1. Run the file, that you have received along with this message.<BR>
2. Carefully follow all the instructions you see on the screen.<BR>
<BR>
If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.<BR>
<BR>
We apologize for any inconvenience this back order may be causing you.<BR>
<BR>
<BR>
Thank you,<BR>
<BR>
Steve Lipner<BR>
Director of Security Assurance<BR>
Microsoft Corp.<BR>
<BR>
<BR>
-----BEGIN PGP SIGNATURE-----<BR>
Version: PGP 7.1<BR>
<BR>
MGE2P47S4M69AV9TW6GL07KNEW3W1M230K93QOSJT57OT3OFG0XXGLOV8S5Z36DA4<BR>
U7PLU5JNVT0E86RI7AP7NX0CVTY8M3H3B59UJV7LUJTXTKEMQVK264JG2IDZSOGD1<BR>
IRL2T9VYP9SPOSNBHPQO37FO0HPL79Z6S6D03PVJ96B4JHN3VJHWJA9SB4S65DHGK<BR>
YO857A31BH1ZXYCY7W0DIDF8E5FI1PCDM7FUV9FADHIESLK8RPI3S0K3V1B8CQT8Q<BR>
21705HO3JPKRKZGGKXK82AKHMT3ZY7ISOZT==<BR>
-----END PGP SIGNATURE-----<BR>
</FONT>
</P>

</BODY>
</HTML>

**************************************************************************
Headers
**************************************************************************
Return-Path: <67G2ZA@hotmail.com>
Delivered-To: services@[RM]
Received: from Postfix filter 42a77884ce2a0a03efc6bb50a6dcdb21 (localhost.localdomain [127.0.0.1])
by smtp-in-75.livemail.co.uk (Postfix) with SMTP id F3501CCCD71
for <services@[RM]>; Fri, 10 Oct 2008 00:36:55 +0100 (BST)
Received: from [218.1.142.89] (unknown [218.1.142.89])
by smtp-in-75.livemail.co.uk (Postfix) with ESMTP id C0280CCCD77
for <dunganrfpkivaq@[RM]>; Fri, 10 Oct 2008 00:36:18 +0100 (BST)
Received: from [218.1.142.89] by mx3.hotmail.com; Fri, 10 Oct 2008 07:36:19 +0800
From: "Microsoft Official Update Center" <securityassurance@microsoft.com>
To: <dunganrfpkivaq@[RM]>
Subject: Security Update for OS Microsoft Windows
Date: Fri, 10 Oct 2008 07:36:19 +0800
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_000E_01C92AAA.E285DB80"
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
Thread-Index: Aca6QXM74RFZ6O0EQNU4311TLV609K==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Message-ID: <01c92aaa$e285db80$598e01da@67G2ZA>
X-Original-To: dunganrfpkivaq@[RM]

No comments: