早上收到的电子邮件 发件方是 [email protected] ,看样子里面是微软的紧急技术支持邮件,但是这个页面特别粗糙,看起来根本不是微软的做事风格,而且使用 support.msn.com ,一般微软的补丁邮件都是 support.microsoft.com 发出的怎么会是MSN的.附件中的“漏洞补丁”文件名是 Q856166.exe ,微软命名补丁文件一般是 kb或者MS开头的,不免有些奇怪,而且微软从来不会将补丁文件带在邮件附件里发出,而是放入一个链接到微软官方的下载链接,基本确定这封电邮是伪造的.于是在各大MVP博客里找了一下主题为 Current Microsoft Security Update 的电邮,发现意大利MVP Russo也在其博客提到此事,而且他还下载该附件分析,是一种蠕虫病毒。
以下是病毒邮件全文:
| Microsoft Consumer this is the latest version of security update, the "December 2006, Cumulative Patch" update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run executable on your computer. This update includes the functionality of all previously released patches. |
| Windows 95/98/Me/2000/NT/XP | |
| MS Internet Explorer, version 4.01 and later MS Outlook, version 8.00 and later MS Outlook Express, version 4.01 and later | |
| Customers should install the patch at the earliest opportunity. | |
| Run attached file. Choose Yes on displayed dialog box. | |
| You don't need to do anything after installing this item. |
Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us.
Thank you for using Microsoft products.
----------------------------------------------------------
Thank you for using Microsoft products.
----------------------------------------------------------
放出张截图:
至于发自[email protected],很明显是通过伪造的电子邮件地址