DO NOT click on these links!


  • :belt_onion:

    I just received the mail below from our IT Support staff. They conveniently kept the link alive in their company-wide mail. Just to make sure everybody here has an equal opportunity to install it, I suppose?

     

    FYI: I moved the link from the href to the tooltip ...

     

    >>>>>>>>>>>>>>>>>>>>>>>>>

     

    QUICK REMINDER

     

    DO NOT click on these links!

     

    Microsoft does not send reminders for updates, this is done by Windows Update (automatically)

     

     

    From: Microsoft Customer Support [mailto:no-reply@microsoft.com]
    Sent: vrijdag 26 juni 2009 11:04
    To:
    Subject: Microsoft Outlook Update

     

    Critical Update

    Update for Microsoft Outlook / Outlook Express (KB910721)

    Brief Description

    Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical and provides you with the latest version of the Microsoft Outlook / Outlook Express and offers the highest levels of stability and security.

    Instructions

    • To install Update for Microsoft Outlook / Outlook Express (KB910721) please visit Microsoft Update Center:

    http://update.microsoft.com/microsoftofficeupdate/isapdl/default.aspx?ln=en-us&id=9292729619132711874363624632891437217400608928890697

    Quick Details

    • File Name: officexp-KB910721-FullFile-ENU.exe
    • Version: 1.4
    • Date Published: Fri, 26 Jun 2009 04:03:33 -0500
    • Language: English
    • File Size: 81 KB

    System Requirements

    • Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP; Windows Vista
    • This update applies to the following product: Microsoft Outlook / Outlook Express

     



  • Raise your hand if you checked to see if the OP left the link active.



  • Hang your head in shame if you checked to see if the OP left the link active [i]by clicking on it...[/i]

    (gets cluebat ready for co-worker)



  • @bjolling said:

    our IT Support staff.
     

    You mailed them back telling about their grave idiocy, in subtler terms?



  • What an obvious fake. No Microsoft updates were under 200 KiB, ever.


  • :belt_onion:

    @dhromed said:

    @bjolling said:

    our IT Support staff.
     

    You mailed them back telling about their grave idiocy, in subtler terms?

    I'm waiting for the really good comments to come in and then mail them a link.

     

    I just hope they dare clicking it



  • *raises hand*



  • I like to compare the text of the link with the actual link. I saved this one. The text of the link, which is visible, shows:

    http://update.microsoft.com/microsoftofficeupdate/...

    but the actual link (just mouse over the link text to see it in Firefox) points to

    http://update.microsoft.com.1llijk.com/microsoftofficeupdate/

    which is in the "1llijk.com" domain, very different. But nicely obfuscated.



  • @AndyCanfield said:

    I like to compare the text of the link with the actual link. I saved this one. The text of the link, which is visible, shows:

    http://update.microsoft.com/microsoftofficeupdate/...

    but the actual link (just mouse over the link text to see it in Firefox) points to

    http://update.microsoft.com.1llijk.com/microsoftofficeupdate/

    which is in the "1llijk.com" domain, very different. But nicely obfuscated.

    Precisely.  Just enough to fool people who would look at the link and say "it's got MS in the URL, so it must be from them."



  • @AndyCanfield said:

    I like to compare the text of the link with the actual link. I saved this one. The text of the link, which is visible, shows:

    http://update.microsoft.com/microsoftofficeupdate/...

    but the actual link (just mouse over the link text to see it in Firefox) points to

    http://update.microsoft.com.1llijk.com/microsoftofficeupdate/

    which is in the "1llijk.com" domain, very different. But nicely obfuscated.

    Actually, I've seen them with similar but varied names for the actual domain, and the traces show the DNS listed here in the US. I've sent some emails for supporting evidence to some security folks I know.

    To the OP, I did exactly the same thing, emailing everyone in our company, and changing the link to point to Google. Granted, I put a hair more at the top, saying DO NOT CLICK THESE LINKS, DELETE THESE EMAILS, ASK IT FOR MORE INFO, etc.

    Very impressive wave otherwise, coordinated and wide-spread, with a massive amount of coverage in a very short period of time, based on my conversations with folks.



  • I am reminded of a spam email I got a few days ago that had the exact same subject line, but the body said "Do not click these links.  They will install travel deals on your computer."



  • @belgariontheking said:

    I am reminded of a spam email I got a few days ago that had the exact same subject line, but the body said "Do not click these links.  They will install travel deals on your computer."
    Ah, reverse psychology.  How can I resist clicking on it now?



  • @drachenstern said:

    To the OP, I did exactly the same thing, emailing everyone in our company, and changing the link to point to Google.

    Should have pointed it to a page that said:

    "<font size="7" color ="red"><font color = "green">NNN</font> humans fail at reading comprehension
    (including you)</font>"



  • @Spectre said:

    Should have pointed it to a page that said:
     

    And also a hitcounter with IP.


Log in to reply