But when they do I doubt that they do it via Yahoo from somebody in Bangladesh.
Looking at the headers in that pastebin example, the originating IP is
114.31.4.36 which looks like it's from a cyber-cafe in Bangladesh.

Microsoft outsourcing their tech-support that badly? I don't think so.

On Thu, 14 Aug 2014, John Traweek CCNA, Sec+ wrote:

Usually an end user has to request the hotfix and fill out a form on the MS 
site and then MS will send out an email with the URI.  So to answer your
question, yes, MS does send out emails with hotfixes, but only when an end user 
requests it, at least in my experience…

If the end user did not specifically fill out a form/request the hot fix, then 
I would be very suspicious…

From: Alex [mailto:mysqlstud...@gmail.com]
Sent: Thursday, August 14, 2014 7:22 PM
To: SA Mailing list
Subject: Hotfix/phishing spam

 

Hi,

We had users reporting receiving an email that appears to be from Microsoft 
regarding a hotfix, but it appears to actually contain Microsoft hotfix
info with a URI to download an executable. The executable is a zip that 
contains an MSU (Windows6.1-KB977307-x64.msu). Does MS send such email?

http://pastebin.com/BS5jt86N

This one hits a lot of T_ rules; it'd be nice if they were real rules about now 
:-)

It also hit BAYES_00, which I'm a little concerned about, but maybe not 
necessarily if the body is indeed actually legit...

Thanks for any ideas.
Alex

--
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
