Spiceworks community reports new malware attempt through email 3_10_2011.

An email is being sent that looks like an official Microsoft email, and it wants you to validate your operating system. The email contains a .NET application. Below is a copy of the post from the Spiceworks community.

So, one of our users just got a really convincing email purporting to be from Microsoft Licensing (notification@microsoft-licensing-center.com). The email indicated that the user’s Windows license was invalid and that she should download the Validation tool from a hyperlink provided in the email (clue number one that something was up). Thankfully, the user did not click on the link and instead opened a ticket.

On my Linux workstation, I downloaded the file and ran it through some code tools. It is a VB.Net application that seems to carry a payload that needs to be compiled (ah!, shellcode perhaps?).

Further, I ran a whois on microsoft-license-center.com. The whois listing is very convincing (go on, try it), except the name servers are ns1.official-adobe-download.com and ns2.official-adobe-download.com. Weird, why would Microsoft use an Adobe nameserver? They wouldn’t. So, I dug into official-adobe-download.com and found that domain’s whois entry to be almost as convincing, save for the fact that the registrar is located in Russia and the contact email is a @yahoo.com address.

So, definite malware here. Nice try though. Be on the lookout for this one.
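The WHOIS reasoning in the post above, written as a small triage check over already-parsed WHOIS fields. This is an added example, not code from the original post or from Spiceworks. The brand list, free-mail list and record layout are assumptions; the sample records are constructed from the domains named in the post, and the contact addresses are placeholders.

```python
# Added example: triage heuristics over parsed WHOIS fields (no network access).
# BRANDS, FREE_MAIL and the record layout are assumptions for illustration.
BRANDS = {"microsoft": {"microsoft.com"}, "adobe": {"adobe.com"}}
FREE_MAIL = {"yahoo.com", "gmail.com", "hotmail.com"}

def registered_domain(host):
    """Naive last-two-labels rule; adequate for the .com sample data only."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def brands_in(host):
    """Brands named in a registered domain that the brand does not own."""
    reg = registered_domain(host)
    return {b for b, owned in BRANDS.items() if b in reg and reg not in owned}

def whois_flags(record):
    """Return the list of reasons a WHOIS record looks like brand impersonation."""
    claimed = brands_in(record["domain"])
    flags = [f"lookalike:{b}" for b in sorted(claimed)]
    # A domain posing as one vendor but served by name servers that name another.
    ns_domains = {registered_domain(ns) for ns in record["nameservers"]}
    for ns_domain in sorted(ns_domains):
        for b in sorted(brands_in(ns_domain) - claimed):
            flags.append(f"ns-names-other-brand:{b}")
    # A vendor-branded domain whose contact is a free webmail account.
    mail_domain = record["contact_email"].rsplit("@", 1)[-1].lower()
    if claimed and mail_domain in FREE_MAIL:
        flags.append("free-mail-contact")
    return flags

# Constructed sample records; only the domains and name servers come from the post.
SAMPLE = [
    {"domain": "microsoft-license-center.com",
     "nameservers": ["ns1.official-adobe-download.com",
                     "ns2.official-adobe-download.com"],
     "contact_email": "placeholder@example.invalid"},
    {"domain": "official-adobe-download.com",
     "nameservers": [],
     "contact_email": "placeholder@yahoo.com"},
    {"domain": "login.microsoft.com",          # control: brand-owned domain
     "nameservers": ["ns1.example.net"],
     "contact_email": "placeholder@example.invalid"},
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec["domain"], whois_flags(rec) or "no flags")
```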

Keep on the lookout for viruses and practice safe computing; solid antivirus software helps.
Another tech update from the techies at www.end2endsupport.com and if you wish to buy Vipre software check out our page at www.gotavirusbug.com.

Copyright 2014 Simply Reliable Solutions, llc and E2 Computers.
