If you have received an email message from [email protected] instructing you to download the latest security updates for Windows Live Messenger and it did not raise your eyebrows, then you need to be more security-conscious. Whether this email is a scam or not is hard to tell for sure, but I would like to attempt a quick check of its validity. One thing is certain: do not click any links in this message before you have done your checks!
Firstly, I would assume that microsoft.windowslive.com is a genuine domain owned by Microsoft, although I would have trusted windowslive.microsoft.com more, since there the registered domain is microsoft.com itself. Trying this domain in my browser gives an error, while trying windowslive.com loads the Windows Live home page, so I am still without a clue. Even the username part of this email address seems slightly exaggerated, but that happens with big organizations.
Secondly, I would invoke a couple of tools, hoping that one of them gives me a definite answer. Online whois query tools for registration information would verify windowslive.com as a Microsoft-registered domain, but they would not help me verify the subdomain microsoft.windowslive.com. I can check the domain against a couple of the malware domain lists available on the net. Tools such as network-tools.com resolve the full domain name to an IP address, and that IP address can then be tested against publicly available blacklists, for example at mxtoolbox.com, where I also find useful utilities for a reverse lookup, a port scan, and so on. In the end, the results of these tests do not incriminate the domain or the IP as malicious.
Finally, if you have an isolated network with a test VM, you can follow the Download Now link in the email message there and monitor its behavior. Up to this step I felt confident that the email message was a valid one; however, the link redirect sometimes failed, while at other times it ended up at the Windows Live Messenger 2011 home page. I would conclude that this is more a hasty and ill-planned message than a scam, but I went through this process for the sole purpose of making you aware of the tools available and the steps taken when verifying suspicious emails.
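The checks above (which domain the whois record actually vouches for, whether the link's host belongs to the same registered domain as the sender, resolving the link host and testing the IP against a blacklist and a reverse lookup) can be scripted. The following is an added example, not code from the original post; the trusted-domain set, brand labels, IP blocklist, the sender's local part and the sample links are all constructed, and the DNS lookups are injectable so the checks can run offline against stubs.

```python
import socket
from urllib.parse import urlparse

# Constructed sample data standing in for the whois results and public
# blacklists the post queries: registrable domains already trusted, brand
# words a lookalike host might carry in a subdomain label, an IP blocklist.
TRUSTED_DOMAINS = {"microsoft.com", "windowslive.com", "live.com"}
BRAND_LABELS = {"microsoft", "windowslive", "live", "messenger"}
IP_BLOCKLIST = {"203.0.113.45"}  # TEST-NET-3 address, constructed

def registrable_domain(host):
    """Last two labels of a host: the part a whois lookup actually vouches
    for. Adequate for .com/.net; production code should use the PSL."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(sender, link, resolve=socket.gethostbyname,
           reverse=lambda ip: socket.gethostbyaddr(ip)[0]):
    """Compare a sender address with the link it asks the reader to click.
    `resolve` maps host -> IP, `reverse` maps IP -> PTR name; both are
    injectable so the checks run offline against stubs."""
    sender_host = sender.rsplit("@", 1)[-1].lower()
    link_host = (urlparse(link).hostname or "").lower()
    s_reg, l_reg = registrable_domain(sender_host), registrable_domain(link_host)
    sub_labels = set(sender_host.split(".")) - set(s_reg.split("."))
    f = {
        "sender_registrable": s_reg,
        "sender_trusted": s_reg in TRUSTED_DOMAINS,
        # microsoft.windowslive.com: a brand as a subdomain label proves
        # nothing unless the registrable domain itself is one you trust.
        "brand_only_in_subdomain": bool(sub_labels & BRAND_LABELS)
                                   and s_reg not in TRUSTED_DOMAINS,
        "link_registrable": l_reg,
        "link_matches_sender": l_reg == s_reg,
        "link_ip": None, "ip_blocklisted": False, "ptr_consistent": None,
    }
    try:
        ip = resolve(link_host)
    except OSError:  # NXDOMAIN or no network
        ip = None
    if ip:
        f["link_ip"], f["ip_blocklisted"] = ip, ip in IP_BLOCKLIST
        try:  # does the reverse name land in the link's own domain?
            f["ptr_consistent"] = registrable_domain(reverse(ip)) == l_reg
        except OSError:  # no PTR record
            pass
    f["suspicious"] = (f["brand_only_in_subdomain"] or not f["link_matches_sender"]
                       or f["ip_blocklisted"] or f["ptr_consistent"] is False)
    return f
```

Called without stubs it performs real DNS lookups; a link whose host resolves to a blocklisted IP, whose PTR points elsewhere, or whose registered domain differs from the sender's is flagged as suspicious.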