
9. A Tech Support Scam

This e-mail message purports to be from Microsoft. It looks very real. The trouble is that Microsoft didn't send it.


We recently received the e-mail below, which claims to be from Microsoft. Attached was a file with what were supposed to be the latest Windows security patches.

The letter looks authentic. It uses Microsoft's style and all the links go to the Microsoft Website. There is a TRUSTe link at the bottom. This letter is a scam and the attachment is a virus. There are a few problems with this letter, some obvious and some subtle:

  • There is a typographical spelling error. There is no salutation, only "Microsoft Customer". The opening sentence starts in lower case: "this is...."
  • The language used throughout the letter is generally a bit crude.
  • The attachment is very small. Patch files are often quite large.
  • Patch files are generally specific to your version of the operating system. There is usually no single file that will patch all versions.
  • If, as stated, this patch incorporates the functionality of all previous patches it will be huge!
  • Most mail systems will reject large attachments.
  • More importantly, Microsoft never sends out patches. They might send out a notice with a link to their Website but even that is not likely. Their preferred method of providing patches is for you to go get them. You can also enable automatic updates and receive them automatically when they become available.
  • And, finally, why is there a note stating that the names of the products are trademarks of their respective owners? These are all Microsoft products discussed in a letter that is supposedly from Microsoft.

The note to choose "Yes" when running the attached file is also a tip-off to a problem. It is likely that Windows will advise that the file is not digitally "signed" for your protection and thus may not be trusted. By clicking "Yes" you are telling Windows to ignore a possible security threat.
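The warning signs listed above can be checked mechanically before a message reaches a reader. The following is an added example, not part of the original article: the sample message is constructed (only the attachment name and the "Microsoft Customer" greeting come from the article), and the size cutoff, extension list and flag names are assumptions.

```python
import re
from email import message_from_string

EXEC_EXTS = (".exe", ".scr", ".pif", ".bat", ".com")  # assumed list
SMALL_BYTES = 1_000_000  # assumed cutoff: real patch files are often far larger

# Constructed sample; attachment name and greeting are taken from the article.
SAMPLE = '''From: "Microsoft" <security@example.invalid>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Microsoft Customer

this is the latest security patch. Run the attached file and choose "Yes".
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Patch3172.exe"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQ=
--b1--
'''

def triage(raw):
    """Return the article's warning signs found in a raw e-mail message."""
    msg, flags, body = message_from_string(raw), [], ""
    claims_ms = "microsoft" in msg.get("From", "").lower()
    for part in msg.walk():
        if part.is_multipart():
            continue
        name, data = part.get_filename(), part.get_payload(decode=True) or b""
        if name and name.lower().endswith(EXEC_EXTS):
            flags.append("executable-attachment")
            if claims_ms:  # the vendor does not mail out patches
                flags.append("vendor-mailed-a-patch")
            if len(data) < SMALL_BYTES:
                flags.append("attachment-too-small-for-patch")
        elif not name and part.get_content_type() == "text/plain":
            body += data.decode("utf-8", "replace")
    lines = [l.strip() for l in body.splitlines() if l.strip()]
    if lines and lines[0].lower() == "microsoft customer":
        flags.append("generic-salutation")
    if len(lines) > 1 and lines[1][0].islower():
        flags.append("lowercase-opening")
    if re.search(r"\b(choose|click|press)\s+\W?yes\b", body, re.I):
        flags.append("told-to-answer-yes")
    return flags
```

Calling `triage(SAMPLE)` returns all six flags; an ordinary plain-text note with no attachment returns an empty list.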

There is good reason not to open the attached file. Our anti-virus software flagged it as being infected, issuing this message:

Norton AntiVirus removed the attachment: Patch3172.exe.
The attachment was infected with the W32.Swen.A@mm virus.

So, what would happen if you were to open the attachment? Quite a lot, according to the Symantec Website:

W32.Swen.A@mm is a mass-mailing worm that uses its own SMTP engine to spread itself. It attempts to spread through file-sharing networks, such as KaZaA and IRC, and attempts to kill antivirus and personal firewall programs running on a computer.

The worm can arrive as an email attachment. The subject, body, and From: address of the email may vary. Some examples claim to be patches for Microsoft Internet Explorer, or delivery failure notices from qmail....

This worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message.

If you thought that was bad it gets worse. According to Symantec the virus also:

  • Attempts to stop all anti-virus and firewall software.
  • Disables Registry tools such as Regedit, so you can't view or change the Registry.
  • Scans your hard drives for files containing e-mail addresses and mails itself to those addresses.
  • Puts up an error message asking you to re-enter some critical information, including: Email address, Username, Password, POP3 server, and SMTP server.
  • Logs in to your POP server to retrieve your e-mail and deletes copies of messages it has sent.

This thing is pretty clever. It tricks the recipient into launching it, it can prevent the computer from combating it, and it sends itself to any e-mail address it can find using your e-mail account. There are several ways to protect yourself from this and other viruses:

  • If you are using Outlook or Outlook Express make sure the preview panel is turned off, otherwise message attachments such as this one can open themselves without your permission.
  • Be sure you have an anti-virus program and that you keep the virus definitions current. You can buy excellent products from Symantec, McAfee, and others. You can also download free anti-virus software through links on our Website. Just get something!!!
  • If you think you have a virus, visit the Website of an anti-virus vendor to see if they have a free tool to identify and/or neutralize it. Click here to find the Web addresses of several vendors.
