This old turkey keeps coming in the mailbox. Hidden under “Click here” is an .exe which will infect your computer.
Angelina Jolie’s Free Video.
Click Here!
About this mailing:
You are receiving this e-mail because you subscribed to MSN Featured Offers. Microsoft respects your privacy. If you do not wish to receive this MSN Featured Offers e-mail, please click the “Unsubscribe” link below. This will not unsubscribe you from e-mail communications from third-party advertisers that may appear in MSN Feature Offers. This shall not constitute an offer by MSN. MSN shall not be responsible or liable for the advertisers’ content nor any of the goods or service advertised. Prices and item availability subject to change without notice.
Needless to say, Microsoft does not send spam. Please don’t click unsubscribe links and buttons coming from spam messages, doing so would only serve to confirm your email is working and ready to receive more of the same.
Never click on the hidden links.
{ 30 comments… read them below or add one }
Eddie 07.20.08 at 5:59 am
What action has Microsoft taken or will take to stop this type of abusive messages. I consider these messages even more abusive since they use my e-mail address as sender.
Is there any action that I can take to stop this type of spam?
Thanks.
Eddie
certifiedbug 07.20.08 at 11:18 am
Hello Eddie,
“I consider these messages even more abusive since they use my e-mail address as sender.”
I agree, sadly it is easy to spoof the ‘From’ address in an email, spammers use software that picks a ‘From’ address at random.
They also often use hijacked (malware infected) zombie machines as a spam factory.
People on the World Wide Web should make sure they have updated security programs installed on their computers and practice safe surfing.
Anyone who suspects their computer is infected and doesn’t know how to clean it up would be wise to seek assistance as soon as possible, free help is given by volunteers at the security forums listed in the right sidebar.
As for the email box, responsibility falls on the end user to filter spam and if it does get through, to delete without clicking on the links.
Reputable companies do not email users asking them to confirm passwords, account numbers, name, correct email address etc.
Or for that matter provide click me links to malware infested sites.
Beware if the email appears to be from PayPal, eBay, your bank etc, asking for your confidential details and do not respond or risk having one’s identity stolen.
If in doubt about such an email, pick up the phone and call the business where you have an account directly.
If you receive spam email that you believe is deceptive, you can forward it to:
spam AT uce.gov. (replace A with @)
http://www.ftc.gov/spam/
Thank you for your comment.
Alfred 07.25.08 at 6:04 am
I also got the spam, mentioned in the list at the top.
I am using “Spaminihilator”
My question is
I read; “I agree, sadly it is easy to spoof the ‘From’ address in an email, spammers use software that picks a ‘From’ address at random”.
Because of the mixing with adresses (”spoof”); Can I just tape it as “Spam”, despite the adress-tric??
Dave M 07.27.08 at 12:51 pm
Yes, received an offer for ‘Anjelina’s Free Video’ - told to be from MSN featured offers, and carelessly - foolishly - clicked the link. Being tired at the end of the day, I didn’t notice the file I was downloading was not a video file, but hidden as _anjelia.avi.exe … an .exe rather than .avi file.
Immediately all antivirus programs and spybot went into action, but it got far enough into the system to hassle me.
Root of the problem file traced to a virus executable, services.exe in the Windows folder which had made itself a startup entry, plus another 3 in system32, lphcj7lj0ea95.exe, along with bitmap image phcj7lj0ea95.bmp (used as background by virus displaying Spyware detected), and a false version of bluescreensaver blphcj7lj0ea95.scr which leads to Windows shutdown, these in system32 as well.
How I resolved the problem: Remove services.exe from the Windows folder, then lphcj7lj0ea95.exe, phcj7lj0ea95.bmp and blphcj7lj0ea95.scr from system32. This should remove the startup entry services.exe, you will also have to reset your screen background. Try rebooting after this.. I hope this helps.
Dave M.
certifiedbug 07.27.08 at 6:37 pm
Hi Alfred,
“Because of the mixing with adresses (”spoof”); Can I just tape it as “Spam”, despite the adress-tric??”
I have not used “Spaminihilator”, they appear to have a useful Wiki help page.
In Mozilla’s Thunderbird I mark such as Junk and delete.
certifiedbug 07.27.08 at 9:40 pm
Hello Dave M,
As you probably know, lphcj7lj0ea95 etc are random names.
To expand a little, the fake ’services.exe’ might be present in the Windows folder, added to the RUN keys so the Malware loads at every startup.
Services.exe found in the System32 folder, is the Windows Services Control Manager, a critical process essential to the operation of the system.
Often malware comes bundled with ‘friends’. When security programs have been unable to completely remove an infection I advise users to seek help at an on-line forum, (list in the right sidebar), where trained people can help with manual removal.
Interested users can see an analyst’s report on video-nude-anjelia.avi.exe - Trojan-Downloader.Win32.Agent.xbw at the B.I.S.S Forums
Flora 07.28.08 at 6:49 am
I received the MSN offer of Angelina Jolie nude video and clicked unsubscribe. Now I have an advertisement on my msn homepage in the box where I use to have “news”. How do I fix this?
certifiedbug 07.28.08 at 7:52 am
Hi Flora,
What is your operating system and do you have security applications installed, such as an anti virus program?
Kate 07.29.08 at 9:09 am
I too keep receiving the Angelina Jolie spam
I tried to block it blocked my own address
tried to reply to tell them to stop I got the reply……..
If getting this kind of Spam is a result of belonging to MSN
should you not send out a warning about the video.and give a proceedure to get rid of it…………………
How do I unsubscribe from MSN?
and or get rid of the spam sender?
Kate
certifiedbug 07.29.08 at 9:32 am
Hi Kate,
Please read the comments above, and do not ever respond to spammers.
Regards.
kc 08.02.08 at 7:20 am
I NEVER received any of these ‘msn featured offers’ until after I registered at msnbc to make comments on news stories. and since I have a policy of never registering to accept any email/offers etc from any site, I am very suspicious of the origin of this spam. almost seems like a disgruntled employee/ex employess hacked in somewhere and is havine som malicious revenge.
Still haven’t seen an anwer to challenge of dealing with spam that uses my own email as sender. how to block?
jesse 08.02.08 at 2:07 pm
I got a paris hilton vid one don’ know how the hell it happened I know it’s spam how do I get rid of the spam and stop them form sending it to me?
ted 08.02.08 at 10:18 pm
i thought i was the only one… had a monopoly…. on the spam ware, mentioned herein..!! i have a lot of company, it seems..
it was hard to believe, that msn would be involved with such idiotic behavior. haven’t found an effective eliminator, yet.. i have yellow and blue warning sign, can’t get rid of it.. tried scraping it off.. no luck!
i have another problem, that won’t disappear…
called - SMART FILTER.. BOSS EDITION (has picture of dog)..
can anyone offer some aissistence? suggestions?
thanks…
ted
certifiedbug 08.02.08 at 11:39 pm
Hello Ted,
That sounds like a different problem, are you receiving popups saying the computer is infected?
SMART FILTER by Secure Computing Corporation?
If so you will need to speak to the employer or school who installed the software.
certifiedbug 08.02.08 at 11:51 pm
The Spamhaus Project.
Consumer Alerts and anti spam related information.
http://www.spamhaus.org/
edivaldo pache 08.04.08 at 1:31 pm
não quero receber mensagens do MSN Featured Offers e-mail
certifiedbug 08.04.08 at 1:46 pm
Hello edivaldo pache,
Translation:
No one does.
certifiedbug 08.11.08 at 9:37 am
People, please do not leave comments asking me to stop spam in your mailbox.
They won’t be published. Certifiedbug is not associated with fake MSN Offers.
Alerts are ‘posted’ on the blog as a courtesy to readers so that they may be aware, and practice safe surfing with a secured computer.
Receiving comments such as, “Please remove my e-mail address from this SPAM”, just goes to show ‘proof positive’ that often users do not read articles, faqs, alerts and security news before happily clicking away.
This is one reason so many have infected computers!
MrWhy 08.11.08 at 2:29 pm
If everyone who received these spam emails clicked on the remove link about 40 times it might create enough useless traffic to make them give up this technique.
certifiedbug 08.11.08 at 7:26 pm
It sure would cut down on infections and stolen identities.
luis 08.12.08 at 11:20 pm
en castellano; como puedo hacer para que no me lleguen todos esos correos no deseados??
certifiedbug 08.13.08 at 12:46 am
Hello Luis,
Badly translated, sorry.
The spam is sent by electronic mail (email), not delivered by the post office, although perhaps your meaning was lost in the translation.
There are many programs available to help filter spam out of the mailbox, as well as configuring your email client to do so.
A Google email address works pretty well at separating spam from legitimate mail.
When email spam does gets through, as MrWhy said in his comment, click on the remove link. Delete.
A Canadian 08.26.08 at 12:58 am
I clicked on the link and it Froze my PC and put up a sign telling me to get a good virus scanner. I had to have the disk wiped. Fortunately, I had lots of backup copies made of my important files.
With all the advancement in Technology today , can’t we have Internet Police that will Find these Evil Spammers and Put them in a room full of Telex tele-type machines going Clackity Clack, Clackity Clack incessantly for the next 50 years.
Then, maybe, they will learn not to send spam to us.
certifiedbug 08.26.08 at 12:39 pm
The Washington Post’s Security Fix blog has a series on Web Fraud.
http://voices.washingtonpost.com/securityfix/web_fraud_20/
Web Fraud 2.0: Thwarting Anti-Spam Defenses
Nissi1 09.02.08 at 8:47 pm
I have received multiple emails for “Dell Testers Wanted, Get New Laptop when You Act Today” from MSN Feature Offers. Every time I received this email, such as today, I desperately wanted to click the unsubscribe link. However, I did not due to a sense of “beware” in my spirit. I have not noticed anything in particular that stands out in these emails, there is just something about them that says “phishing”. Maybe it was too good to be true.
I finally decided to search MSN for Featured Offers and came across the above information. I am happy I did. Since I started receiving phishing emails 3 months ago, I have been practically paranoid when it comes to clicking links!
As I stated in an AOL comment, which was not well received, they are many unsuspecting individuals who do not know what spam or phishing emails are. Many of whom may not read very well or do not venture far from their daily computing routines. Then there are those who are aware of spam/phishing emails but have fallen for a well designed and written scam.
When a phisher gets comfortable enough to portray himself as a particular company and request “updated information” from this company’s subscriber several times a month, every month, it is time for that company, at the very least, to warn their subscribers.
I congratulate MSN for having this forum where I can receive and share information on scam mail. I feel more people will be assisted if there was a MSN Phishing or Security Alert link on the home page leading to this forum.
Thank you,
Nissi1
certifiedbug 09.02.08 at 11:39 pm
Hello Nissi1,
Thank you for your well expressed thoughts on the subject, I am sure your comment will be useful to readers.
Just so you know, certifiedbug.com is not associated with MSN but if they wanted to link here I wouldn’t mind.
Thanks again!
Nissi1 09.03.08 at 8:05 am
Good morning,
Thank you for your kind reply.
It was after I posted my comment that I realized certifiedbug.com is not associated with MSN.com. However, I was grateful for a place to vent at that moment.
Once I realized you were not MSN, I searched further and found a MSN phishing reporting site: abuse@msn.com. I forwarded the phishing email to them and received the following automated reply:
Nissi1 09.03.08 at 8:35 am
Good morning again,
I apologize. I hit tab which posted the last comment before I was finished. To continue with the automated reply I received from abuse @msn.com.:
We can help you best when you forward the spam/abusive mail as an attachment to us. The attachment should have full headers / message routing information displayed.
I resent the phishing email as an attachment and received this automated reply:
Unfortunately, we are unable to process your request because the message you forwarded is either old or contains what are known as “forged headers.” Spammers create forged headers by hiding the actual domain from which they sent their message. The message might appear to have originated from MSN, but in reality has come from a different e-mail address. This is a common trick used by spammers to hide their identity.
The email was not old since I received it yesterday. And of course spammers use forged headers! However, finding their actual domain is not a problem for me, why should it be for them. I use Windows Live Mail. For every email I receive, there is a properties feature which reveals the sender’s true email address, and the ISP.
This is ridiculous; perhaps there is information I am missing.
Thank you,
Nissi1
certifiedbug 09.03.08 at 5:07 pm
Hi Nissi1,
Sorry for the delay, it’s been a busy day. Good work you have been doing.
I am not excusing MSN, but the reason is probably because more often than not, what appears to be the bad guys email address is often sent from an infected machine compromised by a spam botnet. There are millions of them sending out spam and the IPs are changed pretty frequently.
The innocent user often doesn’t have a clue their computer is infected until their identity is stolen, money is withdrawn from accounts, a friend tells them off for spamming or the machine grinds to a halt.
Some users do figure it out and we see them in the forums with subject matter such as, “Help me, my computer is a spam machine!”
Previous posts here may be of interest.
http://certifiedbug.com/blog/tag/botnet/
Hope that explains a little why it is difficult for end users to stop spam by going after the source and often is better dealt with by guarding the mailbox.
Of course people shouldn’t give up on reporting it.
Nissi1 09.03.08 at 10:27 pm
Good morning Certifiedbug,
Thank you for your kind words, support, and information.
Grace and Peace,
Nissi1