Well well well. The morons who devised the scam I warned against in my previous post finally realized that decent e-mail clients were automatically blocking their attachment. In their latest round of spam scam they’ve used the same legitimate looking e-mail layout, but the instructions to run the attached file have been replaced with this:
Remember what I said in my previous post about this type of scam? I said…
Neither Microsoft nor any responsible publisher or vendor
will ever attach an executable file to an e-mail.
And nor should they ever give you a link like that in an e-mail.
If we once again look at the HTML code behind the e-mail, we’ll find that the link actually reads:
http://update.microsoft.com.il1if1.com.mx/microsoftofficeupdate/
isapdl/default.aspx?ln=en-us&id=34660031934932844954
642220548279576324510
Ignore everything that comes after the first single slash; the important part that points to the actual domain is this:
http://update.microsoft.com.il1if1.com.mx
In other words, while the text of the link says that you will be referred to:
http://update.microsoft.com
you will actually be sent to the Mexican registration:
l1if1.com.mx
Wanna take the risk? Not me, thank you very much.
This illustrates a truism that members of The Hacker’s Nightmare family have heard me say many times:
The first line of defense is the human brain.
Keep it engaged when online.
In other words, anti-malware software tools can’t always prevent you from doing silly things. You need to develop a safety mindset, and that only comes with education.
