DO NOT click on these links!
-
I just received the mail below from our IT Support staff. They conveniently kept the link alive in their company-wide mail. Just to make sure everybody here has an equal opportunity to install it, I suppose?
FYI: I moved the link from the href to the tooltip ...
>>>>>>>>>>>>>>>>>>>>>>>>>
QUICK REMINDER
DO NOT click on these links!
Microsoft does not send reminders for updates, this is done by Windows Update (automatically)
From: Microsoft Customer Support [mailto:no-reply@microsoft.com]
Sent: vrijdag 26 juni 2009 11:04
To:
Subject: Microsoft Outlook UpdateCritical Update
Update for Microsoft Outlook / Outlook Express (KB910721)
Brief Description
Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical and provides you with the latest version of the Microsoft Outlook / Outlook Express and offers the highest levels of stability and security.
Instructions
- To install Update for Microsoft Outlook / Outlook Express (KB910721) please visit Microsoft Update Center:
Quick Details
- File Name: officexp-KB910721-FullFile-ENU.exe
- Version: 1.4
- Date Published: Fri, 26 Jun 2009 04:03:33 -0500
- Language: English
- File Size: 81 KB
System Requirements
- Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP; Windows Vista
- This update applies to the following product: Microsoft Outlook / Outlook Express
-
Raise your hand if you checked to see if the OP left the link active.
-
Hang your head in shame if you checked to see if the OP left the link active [i]by clicking on it...[/i]
(gets cluebat ready for co-worker)
-
@bjolling said:
our IT Support staff.
You mailed them back telling about their grave idiocy, in subtler terms?
-
What an obvious fake. No Microsoft updates were under 200 KiB, ever.
-
@dhromed said:
I'm waiting for the really good comments to come in and then mail them a link.@bjolling said:
our IT Support staff.
You mailed them back telling about their grave idiocy, in subtler terms?
I just hope they dare clicking it
-
*raises hand*
-
I like to compare the text of the link with the actual link. I saved this one. The text of the link, which is visible, shows:
http://update.microsoft.com/microsoftofficeupdate/...
but the actual link (just mouse over the link text to see it in Firefox) points to
http://update.microsoft.com.1llijk.com/microsoftofficeupdate/
which is in the "1llijk.com" domain, very different. But nicely obfuscated.
-
@AndyCanfield said:
I like to compare the text of the link with the actual link. I saved this one. The text of the link, which is visible, shows:
Precisely. Just enough to fool people who would look at the link and say "it's got MS in the URL, so it must be from them."http://update.microsoft.com/microsoftofficeupdate/...
but the actual link (just mouse over the link text to see it in Firefox) points to
http://update.microsoft.com.1llijk.com/microsoftofficeupdate/
which is in the "1llijk.com" domain, very different. But nicely obfuscated.
-
@AndyCanfield said:
I like to compare the text of the link with the actual link. I saved this one. The text of the link, which is visible, shows:
Actually, I've seen them with similar but varied names for the actual domain, and the traces show the DNS listed here in the US. I've sent some emails for supporting evidence to some security folks I know.http://update.microsoft.com/microsoftofficeupdate/...
but the actual link (just mouse over the link text to see it in Firefox) points to
http://update.microsoft.com.1llijk.com/microsoftofficeupdate/
which is in the "1llijk.com" domain, very different. But nicely obfuscated.
To the OP, I did exactly the same thing, emailing everyone in our company, and changing the link to point to Google. Granted, I put a hair more at the top, saying DO NOT CLICK THESE LINKS, DELETE THESE EMAILS, ASK IT FOR MORE INFO, etc.
Very impressive wave otherwise, coordinated and wide-spread, with a massive amount of coverage in a very short period of time, based on my conversations with folks.
-
I am reminded of a spam email I got a few days ago that had the exact same subject line, but the body said "Do not click these links. They will install travel deals on your computer."
-
@belgariontheking said:
I am reminded of a spam email I got a few days ago that had the exact same subject line, but the body said "Do not click these links. They will install travel deals on your computer."
Ah, reverse psychology. How can I resist clicking on it now?
-
@drachenstern said:
To the OP, I did exactly the same thing, emailing everyone in our company, and changing the link to point to Google.
Should have pointed it to a page that said:
"<font size="7" color ="red"><font color = "green">NNN</font> humans fail at reading comprehension
(including you)</font>"
-