This morning I received an e-mail, purportedly from Microsoft Update Center, with the subject Security Update for OS Microsoft Windows. The e-mail contains a PGP signature and an attached file, KB231396.exe.

The e-mail urges the recipient to run the attached file, claiming that this will increase security, close a couple of security holes and eliminate some alleged performance issues.

 Dear Microsoft Customer,

Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.

Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.

Since public distribution of this Update through the official website
http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.

As your computer is set to receive notifications when new updates are available, you have received this notice.

In order to start the update, please follow the step-by-step instruction:
1. Run the file, that you have received along with this message.
2. Carefully follow all the instructions you see on the screen.

If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.

We apologize for any inconvenience this back order may be causing you.


Thank you,

Steve Lipner
Director of Security Assurance
Microsoft Corp.

If we take a closer look at where this mail comes from, it looks rather different from something sent by Microsoft Update Center:

Content-Type:  multipart/mixed; boundary="----=_NextPart_000_000E_01C92D6E.23614700"
Date:  Mon, 13 Oct 2008 19:59:02 +0300 [mandag, 13. oktober 2008 18:59:02 CEST]
Delivered-To:  karsten@spamthis.dk
From:  "Microsoft Update Center" <securityassurance@microsoft.com>
Importance:  Normal
MIME-Version:  1.0
Message-ID:  <01c92d6e$23614700$f590e657@5B3AN7>
Received: 
  • (qmail 15694 invoked by uid 108); 13 Oct 2008 17:00:01 -0000
  • from unknown (HELO ?87.230.144.245?) (87.230.144.245) by hosting.spamthis.dk with SMTP; 13 Oct 2008 16:59:07 -0000
  • from [87.230.144.245] by mx3.hotmail.com; Mon, 13 Oct 2008 19:59:02 +0300
Received-SPF:  softfail (hosting.spamthis.dk: transitioning SPF record at spf-d.hotmail.com does not designate 87.230.144.245 as permitted sender)
Return-Path:  5B3AN7@hotmail.com

Note the HELO, where 87.230.144.245 could not be identified. This must be what we can call a forged e-mail; more about that can be read here. In other words, as far as this mail is concerned: do not run the attached file.
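
The checks made by eye above can be scripted. The following Python sketch is an added example, not part of the original post: it parses the headers shown above (the Received entries rejoined into ordinary header lines) and reports the inconsistencies discussed. The function names and indicator labels are made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the message above; Received bullets rejoined as header lines.
SAMPLE = '''\
Received: (qmail 15694 invoked by uid 108); 13 Oct 2008 17:00:01 -0000
Received: from unknown (HELO ?87.230.144.245?) (87.230.144.245) by hosting.spamthis.dk with SMTP; 13 Oct 2008 16:59:07 -0000
Received: from [87.230.144.245] by mx3.hotmail.com; Mon, 13 Oct 2008 19:59:02 +0300
Received-SPF: softfail (hosting.spamthis.dk: transitioning SPF record at spf-d.hotmail.com does not designate 87.230.144.245 as permitted sender)
Return-Path: 5B3AN7@hotmail.com
From: "Microsoft Update Center" <securityassurance@microsoft.com>
Message-ID: <01c92d6e$23614700$f590e657@5B3AN7>
'''

def domain(value):
    """Lower-cased domain part of an address header value."""
    return parseaddr(value)[1].rpartition("@")[2].lower()

def forgery_indicators(raw_headers):
    """Return a list of labels for header inconsistencies (labels are illustrative)."""
    msg = message_from_string(raw_headers)
    findings = []

    # 1. The receiving server's own SPF verdict for the envelope sender.
    spf = (msg.get("Received-SPF") or "").split()
    if spf and spf[0].lower() in ("fail", "softfail"):
        findings.append("spf-" + spf[0].lower())

    # 2. Visible From domain differs from the envelope sender (Return-Path).
    if domain(msg.get("From", "")) != domain(msg.get("Return-Path", "")):
        findings.append("from-returnpath-mismatch")

    # 3. The hop logged by the receiving server: qmail writes "unknown" when it
    #    has no reverse-DNS name, and the HELO here is a bare IP, not a host name.
    for hop in msg.get_all("Received", []):
        m = re.search(r"from (\S+) \(HELO (\S+)\)", hop)
        if not m:
            continue
        if m.group(1) == "unknown":
            findings.append("no-reverse-dns")
        if re.fullmatch(r"\W*\d{1,3}(\.\d{1,3}){3}\W*", m.group(2)):
            findings.append("helo-is-ip-literal")
    return findings

if __name__ == "__main__":
    print(forgery_indicators(SAMPLE))
```

None of these indicators is conclusive on its own; together with an unsolicited executable attachment they are reason enough to quarantine the message.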