Interesting email...

[ViRaL1]

I got this in my Hotmail inbox today along with an attached .rar file and I was curious if anyone else has gotten anything similar. I scanned and opened the .rar file. It had an application with the MS Installer logo. It's obvious it's not legit just from reading the email and it's almost certain that it's some kind of spyware / malware. Does anyone make anything that you can scan a file with to determine if it's something malicious BEFORE you open it. I know AV apps do this, but they only search for viruses so it's not much help in that respect.

---------------------------------------------------------------
Content-Type: multipart/related; boundary="----------BCBAF51672E6D553655F8261EA"


Content-Type: text/plain; charset=Windows-1251
Content-Transfer-Encoding: 8bit


Dear Sir/Madam,
We kindly ask you to install this update to your PC as soon as possible.
In the libraries of OS Windows® critical errors have been found. This errors
lead to destruction of the system files from your computer without an
opportunity on restoration. The given service-pack fixes libraries and does not
allow various Trojan modules to penetrate into your computer.

Yours Faithfully,
Microsoft INC







Content-Type: application/rar; name="MsWindowsUpdate.rar"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="MsWindowsUpdate.rar"

[joecav]

Un-Rar it and tel us what happens

[ViRaL1]

Unraring wasn't a problem. I scanned the .rar file with Norton before I opened it. Also, Hotmail scans with Trend Micro AV before allowing me to download. Virus-wise it's safe. It's the application INSIDE the .rar that I'm unsure about, and I'm not about to hose my machine just for fun. If you're game, I can forward it to you. :P

[mastersmurfie]

Dear Sir/Madam,
We kindly ask you to install this update to your PC as soon as possible.
In the libraries of OS Windows® critical errors have been found. This errors
lead to destruction of the system files from your computer without an
opportunity on restoration. The given service-pack fixes libraries and does not
allow various Trojan modules to penetrate into your computer.

Yours Faithfully,
Microsoft INC


Content-Type: application/rar; name="MsWindowsUpdate.rar"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="MsWindowsUpdate.rar"

The grammatical errors, and the ".rar" extension on the attachment would have made me completely disregard the email...

[ChrisX]

Are you sure this email from Microsoft?

I wouldn't open it and must be deleted.

I reckon this is a scam email pretending to be from a Microsoft message and a risk.

I don't think Microsoft does send emails like that and this would likely to be fraud.

ChrisX

[thecoalman]

I've been getting about 2 or 3 of those a day. Go ahead open it..... Probably spyware, since spyware is not technically a virus your AV won't pick up on it.

[ViRaL1]

Are you sure this email from Microsoft?

I wouldn't open it and must be deleted.

I reckon this is a scam email pretending to be from a Microsoft message and a risk.

I don't think Microsoft does send emails like that and this would likely to be fraud.

ChrisX

I'm sure it's NOT from Micro$oft. I never had any doubts as to it's validity, I just get the feeling there might be a rash of these going out just waiting to take hold.

[northcat_8]

I got some of those, I just delete them.

I don't trust anything from Microsoft I don't have to pay for.

[Capmaster]

I don't trust anything from Microsoft I do have to pay for

[Doramius]

I don't trust Microsoft...................

I just go to their site and download anything I need. If they email me, I send them a picture of my a** and then go to the site and download anything I need. If they reply to my message, I send them another picture of my a** and go to their site and download anything I need.

The point is, I don't trust Microsoft..........................and I like to send them pictures of my a**.

[Cobra]

I think Microsoft are OK. They've produced a flexible, quite stable and user-friendly system in XP. The automatic updates are good. The ability to plug and play hardware (on the whole) is good.

We're certainly a lot better off than we were five years ago.

[ChrisX]

Are you sure this email from Microsoft?

I wouldn't open it and must be deleted.

I reckon this is a scam email pretending to be from a Microsoft message and a risk.

I don't think Microsoft does send emails like that and this would likely to be fraud.

ChrisX

I'm sure it's NOT from Micro$oft. I never had any doubts as to it's validity, I just get the feeling there might be a rash of these going out just waiting to take hold.

It is fraud, not from Microsoft.

Check out report: ZDNet


There is info from Microsoft on fake emails and as I understand Microsoft only sends out update alerts without any attachment.

I do get them as genuine from Microsoft as a mid-monthly alert telling me to update my PCs.

I just get into website 'Windows Update' and don't touch any link on an email.

I do download a standalone file for backup and network installs.

ChrisX

[Doramius]

I think Microsoft are OK. They've produced a flexible, quite stable and user-friendly system in XP. The automatic updates are good. The ability to plug and play hardware (on the whole) is good.

We're certainly a lot better off than we were five years ago.

But I still don't do anything the email says. I send them a picture of my a** and download anything I need directly from their site. I'm just worried that one day it'll be a High res .jpeg of my a**. :P

[tekkieman]

M$ bashing aside for a moment. I've received two this week about updating my PayPal account.


I've never had a PayPal account!

[Doramius]

Maybe you should open one and then send them a picture of your a** and go to the site to update your computer.

I have PayPal. They have a noticce that says that if anyone tells you to do that, that you just delete the email, close your browser, check your security settings, and then go directly to paypal and verify your information. You can cann their hotline if you have any questions. PayPal is really good though.

[tekkieman]

My wife has one, so I use that if need be. It was just funny that it came to my email when I've never had one.

[yoda313]

Hello,

The automatic updates are good. The ability to plug and play hardware (on the whole) is good.

We're certainly a lot better off than we were five years ago.

YEP!

Also - I think MICROSOFT only offers updates via AUTOMATIC UPDATE OR the direct download you have to initiate yourself at the techsupport on www.microsoft.com

Kevin

[888888]

Are you sure this email from Microsoft?

I wouldn't open it and must be deleted.

I reckon this is a scam email pretending to be from a Microsoft message and a risk.

I don't think Microsoft does send emails like that and this would likely to be fraud.

ChrisX

Are you being reverse-sarcastic or do we need to get out the "master of the obvious" jpeg?

[offline]

Ah.. the old reverse reverse sarcastic sarcastic trick.
.

[Capmaster]

Ah.. the old reverse reverse sarcastic sarcastic trick.
.

Ahhh ...a classic.

[Doramius]

Ah.. the old reverse reverse sarcastic sarcastic trick.
.

Ahhh ...a classic.

Is it really? :P

[shelbyGT]

we had crossmojonation and their heads blew off!

[ViRaL1]

Here's an update...

New Virus Attack Technique Bypasses Filters

Virus writers have once again gotten the drop on anti-virus vendors and IT administrators with a new technique that's finding early and considerable success.

ADVERTISEMENT Late last month, administrators and service providers began seeing virus-infected messages with a new type of attachment hitting their mail servers: an .rar archive. .Rar files are similar to .zip files in that they are containers used to hold one or more compressed files. The .rar format is not as widely known as .zip, but it is used for a number of tasks, including compressing very large files, such as music and video.

more at http://www.eweek.com/article2/0,1759,1756636,00.asp?kc=ewnws013105dtx1k0000599

[doppletwo]

Un-Rar it and tel us what happens

This is a funny post.

[ViRaL1]

I got another one today from a different source. The first one FINALLY scans as a trojan, but the new one doesn't come up as anything bad with Norton, even with today's defs.

[doppletwo]

Unrar is and tell us what happens Viral1

It's probably ok.

[ViRaL1]

I did, and it is. It's the application INSIDE the RAR file that's potentially infectious.

[doppletwo]

Application what are you getting a job?

[ViRaL1]

I hope not, I already have two. I think a third would do me in for sure, that or my girlfriend when she finds out I GOT a third job.

There's an .exe file inside the .rar file, although the icon makes it look like it's a .txt file. I'm going back and forth between opening it and just pouring scalding hot coffee into my CPU fan while it's spinning.

[doppletwo]

Make sure there is sugar and cream in the coffee.

the sugar kill viruses.