
Spam Emails offering KB910721 Outlook Updates

June 27th, 2009

Beware of spam emails that arrive in your inbox presenting themselves as a critical update for Microsoft Outlook and offering a KB910721 executable file, BUT ACTUALLY IT'S NOT. The website design can easily fool us, because it is quite similar to the original Microsoft web layout.

These spam emails look official (screenshot below) and arrive in your inbox with one of these subject lines:

Critical Update for Microsoft Outlook
Install Critical Update for Microsoft Outlook
Install Update for Microsoft Outlook
Microsoft has released an update for Microsoft Outlook
Microsoft Outlook Critical Update
Microsoft Outlook Update
Update for Microsoft Outlook

Spam Email Campaign for Outlook Updates


The email in turn redirects you to a website (screenshot below) to download the Trojan file.

Spam Email redirects to Malicious website

These phishing websites are served from more than 70 different domain names, including:

update.microsoft.com.11hilf.com
update.microsoft.com.11hilf.net
update.microsoft.com.1llijk.com
update.microsoft.com.1llijk.net
update.microsoft.com.hfhilf.com

According to the VirusTotal report, 14 out of 41 antivirus scanners detected the file from that website as malicious. This email campaign is tied to the top-notch password-stealing malware in the world, known as “ZBOT”, aka the “Zeus Botnet”.

So if you use an antivirus or Internet security suite with up-to-date virus and spyware definitions, you will see a screen similar to the one below when you visit the phishing or malicious websites.

Antivirus blocks the malicious website

You may ask, “How do I know it didn’t come from Microsoft?” Well, there are two reasons:

First, Microsoft never sends out email attachments directly to your email.

Second, when you look closely at the malicious website name update.microsoft.com.1llijk.com, you can see that 1llijk.com is the main phishing website; they have probably created update.microsoft.com as a subdomain, or else created a folder with that name on their web server. We tend to notice only the first few words in the address bar, and so we believe the page comes from a trusted website.

So from now on, check the entire domain name, and if you find anything suspicious, DO NOT go forward.
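The check described above can be automated, for example in a mail or proxy filter. The following is an added example, not code from the original post: it reads a hostname from right to left and flags names where a trusted domain appears only as a left-hand prefix. The `TRUSTED_DOMAINS` set, the function names and the two-label approximation of the registrable domain are assumptions; the sample URLs are constructed from the hostnames listed on this page.

```python
from urllib.parse import urlsplit

# Assumption: the brands you want to protect; extend for your environment.
TRUSTED_DOMAINS = {"microsoft.com"}


def registrable_domain(host):
    """Approximate the registrable domain as the last two labels.

    Assumption: sufficient for the .com/.net names on this page; a
    production filter should consult the Public Suffix List instead.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify(url):
    """Return (verdict, registrable_domain) for a URL or bare hostname."""
    # urlsplit only fills in .hostname when a "//" authority marker is present
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    host = host.rstrip(".")
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        return ("trusted", reg)
    # The trusted name is present, but only to the left of the real domain
    labels = host.split(".")
    for trusted in TRUSTED_DOMAINS:
        t = trusted.split(".")
        n = len(t)
        if any(labels[i:i + n] == t for i in range(len(labels) - n + 1)):
            return ("lookalike", reg)
    return ("unknown", reg)


if __name__ == "__main__":
    # Constructed sample URLs using hostnames from this page
    samples = [
        "http://update.microsoft.com.1llijk.com/",
        "http://update.microsoft.com.11hilf.net/",
        "http://update.microsoft.com/",
    ]
    for s in samples:
        verdict, reg = classify(s)
        print(f"{verdict:9} {reg:15} {s}")
```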

If you have something informative about this issue, please leave a comment or share this post.