gefälschte Microsoft Email in Umlauf
Verfasst: Di 14. Okt 2008, 10:54
Wer diese Email erhalten sollte, darf auf keinen Fall den Dateianhang ausführen. Meine Analyse des Email- Headers hat ergeben, dass die Email aus Saudi- Arabien stammt. Die Absender- Emailadresse Microsoft Software customerservice@microsoft.com ist gefälscht. Hier die tatsächliche Herkunft:
Dear Microsoft Customer,
Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.
Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.
Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.
As your computer is set to receive notifications when new updates are available, you have received this notice.
In order to start the update, please follow the step-by-step instruction:
1. Run the file, that you have received along with this message.
2. Carefully follow all the instructions you see on the screen.
If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.
We apologize for any inconvenience this back order may be causing you.
Thank you,
Steve Lipner
Director of Security Assurance
Microsoft Corp.
Code: Alles auswählen
% This is the RIPE Whois query server #3.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '212.100.192.0 - 212.100.199.63'
inetnum: 212.100.192.0 - 212.100.199.63
netname: NASEEJNET
descr: ARabian advanced systems
descr: AwalNet
country: SA
admin-c: AR1254-RIPE
tech-c: AR1254-RIPE
status: ASSIGNED PA
mnt-by: AAA28-RIPE-MNT
source: RIPE # Filtered
role: AwalNet Role
address: Akariah 3, 8th Floor, Olaya St.
address: P.O.Box 50, Riyadh 11372, Saudi Arabia.
address: see http://www.awalnet.com
phone: +966 1 4600111
fax-no: +966 1 4601110
remarks: trouble: abuse@awalnet.net.sa
admin-c: AAC4-RIPE
admin-c: KA1234-RIPE
tech-c: ATC1-RIPE
nic-hdl: AR1254-RIPE
remarks: This Role object is for handling and maintaining all
remarks: IP Blocks registered by AwalNet
source: RIPE # Filtered
abuse-mailbox: abuse@awalnet.net.sa
% Information related to '212.100.192.0/19AS25233'
route: 212.100.192.0/19
descr: Saudi Arabia backbone and local registry address space
descr: AwalNet
origin: AS25233
mnt-by: AAA28-RIPE-MNT
source: RIPE # Filtered
Thomas