Watch for Fake Microsoft Bulletins

The SANS Internet Storm Center again has an article about fake Microsoft Bulletins - in this case a Security Bulletin that suggests an update to Internet Explorer.

In the past most of these "bulletins" came with the "fix" file attached to the e-mail as an attachment. This bulletin uses HTML to hide the fact that the e-mail is not pointing at Microsoft's servers but instead at another site.

I'm always sceptical of HTML mail - and I'm not alone. The US Dept. of Defense has outlawed anything but text e-mail on their systems.

If you must view HTML e-mail and you expect to click on a link in it, please find your e-mail browser's method of "View Source" to look at the e-mail's HTML code inside - and check to see if the stuff in the "Anchor" areas (surrounded by the  <a html=....> and </a> tags actually points to a domain that reasonably might contain what you expect.

In the case of a message from Microsoft for example, it should look something like the following:
<a href="updates.microsoft.com/something/somethingelse">get your update here</a>

If instead you see something like:
<a href="spammer.microsoft.computer.ru/message12564">get your update here</a>
(note the ".ru" means the domain is in Russia)
then close and delete the message (maybe forward a copy to abuse@microsoft.com too) and be extra glad you didn't click on the link.