It was unbelievable how creative hackers are. I was checking my mails today and found a mail purpotedly sent out by Microsoft.

The sender's address is Microsoft < update524 @ > and here is the content of the mail

"Dear Microsoft Windows User,

You are recieving this notification because the version of Windows you are running is affected by a serious security issue.

In order to protect yourself and other users of the Windows operating system, it is recommended that all users upgrade Microsoft Windows as soon as possible.

To do so, please download the KB7[6
(clickable link in my mail)".

What are the clues that made me know instantly this is a phishing tactic?

First I've been using Microsoft Windows for years and they never sent out mail for critical security update, any fixes no matters how serious, are automatically downloaded from microsoft's site by your OS (Windows Update services running at backend).

Second, they sent to an email I never used to register with microsoft and I can remember very well Microsoft never ask for email during Windows activation.

If you received such email, you should not click and download the patch the phishing site gives you.

What if you've click and download from the phishing site?  Don't just say 'Oh damn' or 'Shit'!  Basically I would suggest you re-format your whole harddisk - no joke.

First thing first, disconnect yourself from the Internet immediately, this is to make sure nothing is send out to the Internet without your knowledge.

Why would you need to reformat and is this the best fix?

I have no idea how good is the patches from the phishing site but let's not under estimate their capability.  Reformatting your PC/Notebook would be the best solution and before you do that remember to backup all your important data before reformatting - this would serve as a good lesson if you've NOT been backing up your data - :p

If this is not possible, then the least you can do is don't use the affected PC/Notebook to connect to the Internet.

If you have never been constantly updating your OS with the latest fixes and want to do so, go to your 'Control Panel' and click 'Windows Update' to let download and update automatically for you - from the official support site off course :).

Date: 02 Sept 2010

  1. Anonymous 03 September, 2010 02:17  

    I got the same email today. I know it's bogus because there's a misspelled word in it.