Fwd from AIS. We're getting peppered with these right now. In case the inline image gets stripped out, this phishing e-mail uses a banner from the Microsoft Update site, followed by the text "URGENT: Please intall critical Windows XP/2000/2003/Vista update!" in a large-sized, gray Tahoma font. Below that is a button control labeled "Urgent install", followed by the text "Get critical update (obligatory)" in Times New Roman. Finally, below that, also in Times New Roman, is the text,

"Concerned about privacy? When you check for updates, basic information about your computer, not you, is used to determine which updates your programs need. To learn more, see our privacy statement."

The headers and the actual message are appended below.

Best,
Tony

Tony Farrell
Systems Analyst
Student Academic Record Systems Team,
Administrative Information Services
Michigan State University
517.353.4420 x302
[log in to unmask]

Here are the headers:

Microsoft Mail Internet Headers Version 2.0
Received: from barracuda.ais.msu.edu ([35.8.113.175]) by ais-ex1.ais.ad.msu.edu with Microsoft SMTPSVC(6.0.3790.3959);
    Wed, 6 Feb 2008 08:56:52 -0500
X-ASG-Debug-ID: 1202306210-489000050000-UqQDZy
X-Barracuda-URL: http://35.8.113.175:8000/cgi-bin/mark.cgi
X-Barracuda-Connect: dra45.neoplus.adsl.tpnet.pl[83.24.186.45]
X-Barracuda-Start-Time: 1202306210
X-ASG-Whitelist: Sender
Received: from microsoft.com (dra45.neoplus.adsl.tpnet.pl [83.24.186.45])
    by barracuda.ais.msu.edu (Spam Firewall) with SMTP id 9EF6CD0036E2
    for <[log in to unmask]>; Wed, 6 Feb 2008 08:56:51 -0500 (EST)
Message-ID: <002301c868c8$1ff4398a$2dba1853@milewski>
From: Microsoft Corporation <[log in to unmask]>
To: <[log in to unmask]>
Bcc: <[log in to unmask]>,
    <[log in to unmask]>,
    <[log in to unmask]>,
    <[log in to unmask]>,
    <[log in to unmask]>,
    <[log in to unmask]>,
    <[log in to unmask]>
X-ASG-Orig-Subj: Microsoft Critical Live Update
Subject: Microsoft Critical Live Update
Date: Wed, 06 Feb 2008 14:56:51 +0200
MIME-Version: 1.0
Content-Type: multipart/related;
    type="multipart/alternative";
    boundary="----=_NextPart_000_001F_01C868D0.81B88920"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Barracuda-Virus-Scanned: by Barracuda Spam Firewall at ais.msu.edu
Return-Path: [log in to unmask]
X-OriginalArrivalTime: 06 Feb 2008 13:56:53.0011 (UTC) FILETIME=[209F2E30:01C868C8]

*** PHISHING E-MAIL BELOW ** DO NOT CLICK BUTTON OR LINK ***