Received e-mail from "Windows Live Messenger Team"...

[DaveyMN]

Based on what's happened in the past week, I have no intentions of taking risks here.... does the below e-mail look legit? Has anyone else received it?

I did in no way want to click the download link in case it sent viruses all around my machine.

[Pupik]

Without knowing where it links to, looks legit to me.

[Spookie]

If there is an update manually go to the windows site and look for it there.

[Berserk87]

got the same email.

upfront it looks legit, although the link looks odd despite a whois saying its owned by microsoft.

a google search dosnt show that domain, it should be "download.live.com"

plus the "from" email looks off.

communications_msn_cs_enuk@microsoft.windowslive.com

[Billus]

It seems genuine. What version of messenger are you using? Btw, the email they use for Australian users is: communications_msn_cs_enau@microsoft.windowslive.com

Alternatively if your still suspicious, just look at the site address or for more precautionary measures, visit their website without using the link from the email and update from there.

Edit: It seems what I had to say has already been said before I could post. Please don't think I've stolen your ideas and not quoted them. Cheers

[DaveyMN]

It seems genuine. What version of messenger are you using? Btw, the email they use for Australian users is: communications_msn_cs_enau@microsoft.windowslive.com

Alternatively if your still suspicious, just look at the site address or for more precautionary measures, visit their website without using the link from the email and update from there.

Problem is, nothing here suggests that there has been a recent update. The version of Messenger I'm using is 'Build 14.0.8089.726', which I think is the most recent version. For those that can't see what the e-mail actually says:

"Dear Messenger User,

We have just released a new version of Messenger which includes important security updates to help keep you and your friends safe while you chat online. All Messenger users will be required to have the latest version to continue using the service."

The bolded bit really suggests to be that it is spam.

[Lee G. Veteran]

It could be legitimate, as my WLM was telling me a new version (I think it was just an update) was out the other day. Regardless, don't click the link, and just download it from http://download.live.com/messenger

[AdzzzUK]

There have been security updates to older versions and they are forcing all non-live messenger users to upgrade.

Don't ever click a link in an email - open a webbrowser, go to live.com, and download manually from there.

Ad

[+Peewee210 Subscriber¹]

I got the same email, but it came up in my Spam box. I recently installed a new Messenger version anyway.

Like people have said, go to Live.com, and download it that way.

[DaveyMN]

I think it's legitimate. My WLM was telling me a new version was out the other day.

There have been security updates to older versions and they are forcing all non-live messenger users to upgrade.

Don't ever click a link in an email - open a webbrowser, go to live.com, and download manually from there.

Ad

I just logged in to my WLM, and I never got a message alerting me to a 'newer version', which normally happens whenever a new version is out.

I did update the other day, which makes me suspicious as to that e-mail.

[Lee G. Veteran]

I just logged in to my WLM, and I never got a message alerting me to a 'newer version', which normally happens whenever a new version is out.

I did update the other day, which makes me suspicious as to that e-mail.

I edited my post to make it more useful. Just don't click on the e-mail's links, and either download WLM from http://download.live.com/messenger or don't do anything, if your WLM isn't saying it needs updating.

EDIT: I just checked my Windows Live Mail inbox, and I have the same e-mail.

EDIT: It has to be fake, the download link the e-mail gives is,

http://microsoft.windowslive.com/Key=38834.CZLbD.D.Gb.krWk9

It also says 'The system requirements for the new version of Messenger can be found at http://download.live.com/SystemRequirements.aspx', but the link goes to,

http://microsoft.windowslive.com/Key=38834.CZLbD.F.Gb.LQsMvW

Edited October 10, 2009 by lcg

[DaveyMN]

EDIT: I just checked my Windows Live Mail inbox, and I have the same e-mail.

Do you have the latest version? If so, I think we can safely assume it is spam.

EDIT: OK, its fake. I presume clicking on the download link will send your PC virus crazy (not that I'm going to try it, but someone might....)

[Pupik]

Too much paranoia in this thread. Just copy the hotlinks from the email, and paste them here (in code tags so they won't be hotlinked) without clicking on them.

Let's see what's all the panic about.

[+Peewee210 Subscriber¹]

Microsoft wouldn't email you if a new version of messenger is out, they will tell you when you actually log into Windows Messenger.

[DaveyMN]

Too much paranoia in this thread. Just copy the hotlinks from the email, and paste them here (in code tags so they won't be hotlinked) without clicking on them.

Let's see what's all the panic about.

The links in my e-mail are:

http://microsoft.windowslive.com/Key=38834.rQQF.D.Gb.NyvLjb
http://microsoft.windowslive.com/Key=38834.rQQF.F.Gb.FdxSPQ
http://microsoft.windowslive.com/Key=38834.rQQF.G.Gb.NXDTB8

At the bottom of the e-mail, there's a messageID which is:

Message-Id: <20091009223933.034F.6219827-38834@microsoft.windowslive.com>

[Lee G. Veteran]

I just logged into WLM, and I got this message when I logged in. So, regardless of the e-mail, I'd go to http://download.live.com/messenger and download the latest version :)

[Pupik]

The links in my e-mail are:

http://microsoft.windowslive.com/Key=38834.rQQF.D.Gb.NyvLjb
http://microsoft.windowslive.com/Key=38834.rQQF.F.Gb.FdxSPQ
http://microsoft.windowslive.com/Key=38834.rQQF.G.Gb.NXDTB8

At the bottom of the e-mail, there's a messageID which is:

Message-Id: <20091009223933.034F.6219827-38834@microsoft.windowslive.com>

All links are legit, and don't forward you to any adware/phishing/scam sites.

http://www.windowslive.com/Error

http://download.live.com/SystemRequirements.aspx

http://privacy.microsoft.com/en-us/default.mspx

Guess Microsoft sent the e-mails too early, when the final version wasn't available yet.

[ViZioN]

I got the same email and decided it was definitely dodgy. The links just don't look genuine to me, and it's from a weird email. And on another note, how many times do you received emails from Microsoft asking you to update a program for security updates :laugh:

I just went onto the real site and downloaded the latest version, which ironically wasn't the one I had installed :p

Edit: Weird, I didn't get that popup lcg.

[Chasethebase Reporter]

Just grabbed the installer from the site and it doesn't show an update is available...

[hdood]

Windowslive.com is a Microsoft domain, no one else has access to it. You cannot fake links on it.

[AdzzzUK]

DNS Information for WindowsLive.com:

Registrant:

Microsoft Corporation

Domain Administrator

One Microsoft Way

Redmond, WA 98052-6399

US

Email: *******@microsoft.com

Registrar Name....: CORPORATE DOMAINS, INC.

Registrar Whois...: whois.corporatedomains.com

Registrar Homepage: www.cscprotectsbrands.com

It's legit. I'll see if I can find the news I saw about older versions being upgraded to Windows Live Messenger. Esp. from Windows Messenger and MSN messenger.

The latest build information is: Version 2009 (Build 14.0.8089.726). If your version is earlier, you will be prompted to upgrade from within WLM itself. If you're not sure of the build on your machine, go to Help > About Windows Live Messenger.

[Nick Brunt]

Windowslive.com is a Microsoft domain, no one else has access to it. You cannot fake links on it.

Actually, using php you can send an email "from" any domain.

	$from = "anyone@anywhere.com";
	$headers = "MIME-Version: 1.0\r\n";
	$headers.= "Content-type: text/html; charset=iso-8859-1\r\n";
	$headers.= "From: $from\r\n";

	mail($to,$subject,$sendmessage,$headers);

This would send an email from the server it is running from but will appear to be from "anyone@anywhere.com".

Also, I love the way the OP blanked out a section of the system tray... any chance you've got a torrent program running...? :o

[hdood]

Actually, using php you can send an email "from" any domain.

The real servers it went through will still be shown in the headers, but I was talking about links, not the "from" address. The links go directly to a Microsoft domain, and these cannot be faked unless someone either stole the domain from Microsoft or hacked the server.

[AdzzzUK]

Nick,

While it's true you can fake links in the "from" bit, when you have links in the body of the email that's trickier to spot. In this case, the links are valid WindowsLive.com address, which is definitely owned by Microsoft.

The uncertainty we're having here is EXACTLY why I'm in the middle of setting up a major new project to protect people against this sort of thing.

I can't discuss further, site rules prevent that - BUT, watch this space as I'm also hoping to get Neowin in on this at some stage, I've already contacted major online safety organisations to get their support.

Ad

[Colin-uk Veteran]

I got that email too.

usually if theres a required update, the messenger program wont let you sign in until you've installed it.

i just ignored mine :p