CIS 608 Logo

CIS 608 Logo
CIS 608 - Information Security Management

Tuesday, October 11, 2011

Post 036 - CIS 608

Implementing E-Mail Security Solutions to Defend Against E-Mail Dangers, Scams, and SPAMS

This week in the CYBR 515 - Security Architecture and Design class, we are studying E-Mail Dangers and how to implement security against these dangers to mitigate the risks.

I received the e-mail below this morning. The header is also included for those who like to read such things The point in including this scam e-mail in this blog is to show:

1) It looks VERY authentic and legitimate. They want you to believe that they are from Microsoft Canada and that they are legitimate.

2) That even the best spam filters can't catch everything and that your ability to be secure in the use of e-mail requires constant vigilance and education about the dangers that are associated with e-mail threats.

You brain, your awareness, and your vigilance may be some of your best defenses in e-mail and other places you touch and use the Internet (especially the web via web browsers).


E-Mail Header:

X-MSK: CML=3.201000
Received: from ([]) by with MailEnable ESMTP; Tue, 11 Oct 2011 10:33:03 -0500
X-ASG-Debug-ID: 1318347175-00958a099a1049e00001-LAYJgu
Received: from sharpe ( []) by with ESMTP id ypTHT0fs5gSIj2Qr for ; Tue, 11 Oct 2011 11:32:55 -0400 (EDT)
From: "Microsoft-Canada"
Subject: Critical Update For Microsoft Firewall and Security Center 4081
X-ASG-Orig-Subj: Critical Update For Microsoft Firewall and Security Center 4081
Content-Type: text/plain;
Date: Tue, 11 Oct 2011 16:32:57 +0100
X-Priority: 1
X-Library: Indy 8.0.25
X-Barracuda-Start-Time: 1318347175
X-Virus-Scanned: by bsmtpd at
X-Barracuda-Spam-Score: 0.64
X-Barracuda-Spam-Status: No, SCORE=0.64 using per-user scores of TAG_LEVEL=3.5 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=4.0 tests=BSF_SC0_SA601, MISSING_MID, NORMAL_HTTP_TO_IP
X-Barracuda-Spam-Report: Code version 3.2, rules version
Rule breakdown below
pts rule name description
---- ---------------------- --------------------------------------------------
0.14 MISSING_MID Missing Message-Id: header
0.00 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
0.50 BSF_SC0_SA601 Custom Rule SA601
Message-Id: <>
X-ME-Bayesian: 0.000000


E-Mail Text Body:

Tuesday, October 11, 2011,
10:33 AM

Dear Customer,

Please notice that Microsoft has recently issued a Security Update for Microsoft Windows Firewall and Security Center.

This Update is to prevent malicious users from getting access to your computer files by executing arbitary code on a new buffer overflow found in the windows firewall process.

This is an high-priority updates. In order to help protect your computer against security threats and malicious code.

Please follow these instructions:

1. Download the file from

2. Double-click on SECURITY_FIX_4081.exe to start the update.

3. Click on *Allow Access*

This is an Automated Message produced by Microsoft Canada Co., Please Do Not Reply

Microsoft Team.


Stay safe online!

Best regards,

William Favre Slater, III
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager
Chicago, IL
United States of America

No comments:

Post a Comment