Malware, posing as Microsoft Digital Crimes Unit email, hits the Internet

One of the most basic things that people can do to avoid installing any kind of malware on their PC is not to open every single email they receive. Malware is distributed by this method all the time, such as the message that one person clicked on in 2012 that led to a massive attack on the online tax records of South Carolina.

Today, there's word of yet another email that's making the rounds of the Internet that could make people think it is a real security warning. The Naked Security blog reports that the email looks, at least at first, like it comes from the Digital Crimes Unit division at Microsoft. This is the same department that has been going after a number of criminal botnets, such as the recent takedown of the Bamital botnet.

As you can see above, the email claims that all users of Microsoft products have to "validate there [sic] email account information" by downloading an attached file. The file is, in fact, a version of the Troj/Agent-AANA Trojan horse.

Many people might figure out that this email is not legitimate due to some spelling errors, along with its use of the now outdated Microsoft logo. However, there are plenty of others who might be fooled into downloading the attached file. 

Source: Naked Security | Image via Naked Security

16 Comments


1, or simply ignore the email
2, or contact any seller of any computer product, (dependent of locale, pc world, best buy <if applicable> and the like etc...) and ask if they have heard if this is true, usually they do have some, note.. some knowledge about email registration or validation for upcoming products...

"All users of the Internet and Microsoft products are hereby required to..."

Sounds legit. I use the internet, where do I send my validation? I haven't got this e-mail.

all looks legit until you get to the "non word" irregardless (weird auto spell check doesn't pull this up as a misspelled word) and the download and extract part

Once done you will updated on Microsoft Security database (missing the complete word >Be< there guys) that would have thrown my alarm bells into a tizzy right there

Nah mate, it's legit. They're using the "modern" English that you use on the Internet. See, the reason why oldies such as I won't have our email accounts verified and secured is because it looks suspicious to someone educated and brought up on "old" English. Those who are brought up and perpetuate modern English, they're the ones who are safe. </sarcasm>

Interesting that you consider it's all legit until irregardless (And my spell check picks it up fine), because "their" is misspelt only a couple of words prior.

I don't get how this kind of thing still works. Don't all email clients and webmail platforms block executable attachments?

to be honest i don't know what outlook does with it 'cause i literally don't remember ever receiving such stuff

pretty sure it blocks just as gmail does but there are plenty other webmails out there

sphbecker said,
I don't get how this kind of thing still works. Don't all email clients and webmail platforms block executable attachments?

It's not always .exe files that are the problem. There are lots of files that you can open and they'll execute commands on your system. A big one used to be .pif files, but there are other documents that can be used to exploit applications on the system. PDF files are a very common way for hackers to hijack your system from you opening an email attachment "here are the account details you asked for", or "here is the copy of the emails the cheat was sending to his lover!" these kind of things will make people 'take a peek' even if they aren't meant for them... in this case, it's a security update. could be msi, exe, cmd, pif or any number of other things.

sagum said,

It's not always .exe files that are the problem. There are lots of files that you can open and they'll execute commands on your system. A big one used to be .pif files, but there are other documents that can be used to exploit applications on the system. PDF files are a very common way for hackers to hijack your system from you opening an email attachment "here are the account details you asked for", or "here is the copy of the emails the cheat was sending to his lover!" these kind of things will make people 'take a peek' even if they aren't meant for them... in this case, it's a security update. could be msi, exe, cmd, pif or any number of other things.


yeah, IIRC Windows (at least XP) would execute any file so long as it had a header or wtv saying it was executable.
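An added example, not from the article or from any commenter: a mail-gateway style check for the point raised in this thread, that blocking by `.exe` name alone is not enough. It flags attachments by extension and by the `MZ` executable header, and looks one level inside ZIP archives, since the email asked recipients to download and extract. The function names, the extension list beyond those named in the thread, and the sample message are assumptions constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the thread plus a few other directly runnable Windows types.
RISKY_EXT = {".exe", ".msi", ".cmd", ".pif", ".scr", ".bat", ".com"}

def classify(name: str, head: bytes, prefix: str = ""):
    """Return a finding string for one file, or None if nothing stands out."""
    ext = os.path.splitext(name)[1].lower()
    if ext in RISKY_EXT:
        return f"{prefix}{name}: risky extension {ext}"
    if head[:2] == b"MZ":  # DOS/PE executable signature hidden behind another name
        return f"{prefix}{name}: MZ header behind extension {ext or '(none)'}"
    return None

def scan_message(raw: bytes) -> list:
    """Check every attachment, and one level of ZIP members, by name and header."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        findings.append(classify(name, data))
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.flag_bits & 0x1:  # encrypted: contents cannot be checked
                        findings.append(f"{name}!{info.filename}: encrypted, not inspected")
                        continue
                    with zf.open(info) as fh:  # read only the header bytes
                        findings.append(classify(info.filename, fh.read(2), name + "!"))
    return [f for f in findings if f]

def build_sample() -> bytes:
    """Constructed message: a ZIP holding an .exe and an executable named .pdf."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("setup.exe", b"MZ\x90\x00" + b"\x00" * 60)
        zf.writestr("notice.pdf", b"MZ\x90\x00" + b"\x00" * 60)
        zf.writestr("readme.txt", b"plain text")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="validation.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print("\n".join(scan_message(build_sample())))
```

A header check like this catches renamed executables only; documents that exploit the application opening them, which the comment above also mentions, need content scanning or sandboxing instead.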

Obviously you guys don't read Microsoft email

I dunno how people fall for this, even if I was sure there was an issue I'd check on other sites first, most I'd go to Microsoft's own site first.

But I know people do it, and even my dad entered his login details without question when prompted to upgrade to Skype from windows live messenger... He didn't verify it was a legit email, site or anything like that. He used to use it (moved to Windows 8) so he simply entered his information. Crazy.