We are the Computer Security and Incident Response Team (CSIRT) for the Janet network. Part of Jisc's Security Operations Centre, our mission is to safeguard the current and future network security of Janet (steering the security policies for all Janet connections) and of our customers, creating a secure environment to conduct your online activities. Our primary function is to monitor and resolve any security incidents that occur on the Janet network, with specialists tracking a range of platforms, including Unix, Linux and Windows.

Microsoft phishing / malware emails

Wednesday, May 1, 2013 - 08:44

We have seen a couple of reports today of some well-structured and convincing phishing / malware emails appearing to be from Microsoft.

The email links you to http://fileserver.updateservermicrosoft.net/MS00285913/CriticalUpdates/ which is a website that looks exactly like a Microsoft site. It then asks you to install a .msi file, which is currently being picked up by only a limited number of anti-virus vendors:

https://www.virustotal.com/en/file/02b41259ea67a9d7ec191e8cf18be95f4c475...

You may want to block the domain fileserver.updateservermicrosoft.net at your border, or look into any requests that may have been made from your site for this URL.
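
One way to look for requests already made from your site, as an added example (not code from this post): a triage pass over web proxy logs that lists which clients reached the domain, which were blocked, and which went on to fetch a .msi file. It assumes Squid's native access.log format; the sample lines, client addresses and the update.msi filename are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Domain named in the advisory; any subdomain of it is matched as well.
BAD_DOMAIN = "updateservermicrosoft.net"

# Constructed sample in Squid native access.log format (not real traffic;
# the client addresses and the update.msi filename are made up).
SAMPLE_LOG = """\
1367394000.123    210 10.1.4.17 TCP_MISS/200 18342 GET http://fileserver.updateservermicrosoft.net/MS00285913/CriticalUpdates/ - DIRECT/192.0.2.10 text/html
1367394031.456   1875 10.1.4.17 TCP_MISS/200 912384 GET http://fileserver.updateservermicrosoft.net/MS00285913/CriticalUpdates/update.msi - DIRECT/192.0.2.10 application/octet-stream
1367394100.789     95 10.1.9.3 TCP_MISS/200 5120 GET http://download.microsoft.com/office/ - DIRECT/198.51.100.7 text/html
1367394200.000     40 10.1.7.22 TCP_DENIED/403 1200 GET http://FILESERVER.updateservermicrosoft.net./MS00285913/CriticalUpdates/ - NONE/- text/html
1367394300.000     60 10.1.2.8 TCP_MISS/200 800 GET http://example.org/?ref=updateservermicrosoft.net - DIRECT/203.0.113.5 text/html
"""

def host_of(method, url):
    if method == "CONNECT":  # HTTPS tunnels are logged as host:port
        host = url.rsplit(":", 1)[0]
    else:
        host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")  # normalise case and trailing root dot

def is_bad(host):
    # Exact or subdomain match; a substring match would flag line 5 wrongly.
    return host == BAD_DOMAIN or host.endswith("." + BAD_DOMAIN)

def triage(log_text):
    """Map client IP -> counts of allowed/blocked requests and .msi fetches."""
    hits = defaultdict(lambda: {"visited": 0, "blocked": 0, "msi": []})
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7:
            continue
        client, action, method, url = f[2], f[3], f[5], f[6]
        if not is_bad(host_of(method, url)):
            continue
        rec = hits[client]
        if action.startswith("TCP_DENIED"):
            rec["blocked"] += 1
        else:
            rec["visited"] += 1
            if urlsplit(url).path.lower().endswith(".msi"):
                rec["msi"].append(url)
    return dict(hits)

if __name__ == "__main__":
    for client, rec in sorted(triage(SAMPLE_LOG).items()):
        print("INVESTIGATE" if rec["msi"] else "review", client, rec)
```

Clients with an entry under `msi` downloaded the installer and are the ones to check first; clients with only `blocked` counts were stopped by an existing border rule.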

The message below is one of the original phishing messages that have been brought to our attention.

> ---------- Forwarded message ----------
> From: Microsoft <updates@mcrsoft.com>
> Date: 30 April 2013 17:55
> Subject: Attention: Microsoft Office
> To: Recipients <updates@mcrsoft.com>


> Dear Microsoft Office user,
> through our annonymous statistical information collection system built
> into all Microsoft Office products, we have detected that your system
> is currently lacking 3 critical Office patches.
> These patches are for Microsoft Word, Microsoft PowerPoint and Microsoft
> Outlook,
> in order to keep your computer and data safe we urge you to go to Microsoft
> Download Center
> and download the Microsoft Office Critical Update Pack available on our
> website.

> You can do this by searching for the patch on our website or directly at:
> http://fileserver.updateservermicrosoft.net/MS00285913/CriticalUpdates/

> Sincerely,
> Microsoft Office Support
> Cardinal Place
> 80-100 Victoria Street
> London
> SW1E 5JL