Jaap --
Thanks for the review of the "update-service-via-email" spoof.
Actually, "Microsoft [does send] emails about new versions of their
software". I am registered as an MCP at the Mcrosoft web site and have
actually opted in to receive notices of "important security updates" for my
W2K Pro OS.
What Microsoft does NOT do is ever send updates as _email_ _attachments_ to
update notices. Any such _attachments_ almost certainly _are_ bogus and
should be promptly deleted.
Further, all such notices that I receive from Microsoft, are authenticated
by PGP signatures.
Finally, being duly aware of the bogus hyperlink spoof, I _never_ follow
links given in emails, even Microsoft authenticated emails, but instead I
exit Outlook Express and use my own separately established links to the
Microsoft update web site. These links have been undisturbed for over two
years of on-line updating and have been proven valid by repeated testing and
use.
The actual email that lead to this particular fiasco has, of course, died
with the rest of the contents of my H.D. However, I am sure that I still
have a copy of last month's notice of updates. I will try to locate it and
forward it to you as a separate email.
--- Avoid computer viruses, Practice safe hex ---
-- Specializing in small, cost effective
embedded control systems --
http://www.smithmachineworks.com/embedprod.html
Robert L. (Bob) Smith
Smith Machine Works, Inc.
9900 Lumlay Road
Richmond, VA 23236 804/745-1065
[EMAIL PROTECTED]
----- Original Message -----
To: "Multiple recipients of list CHIPDIR-L" <[EMAIL PROTECTED]>
Sent: Friday, April 16, 2004 2:49 AM
> At 2004-04-14 17:59, Robert Smith wrote:
> >I don't know if this is a virus or just another Microsoft bug.
> >
> >Yeserday I received a notice from Microsoft that the next round of
> >"security" updates was available from the Microsoft updates site for W2K.
>
> Beware that Microsoft never sends emails about new versions of
> their software (as far as I know), so any email about this is
> a fake.
>
> And these fake emails can also contain a link that appears to
> be to the Microsoft site, but which isn't really. There was
> a bug in IE discovered recently whereby an URL like:
> http://[EMAIL PROTECTED]/ would even in the
> address bar of IE would just show: http://www.microsoft.com
>
> Please note that the [01] stands for ASCII 0x01 which isn't visible.
> Also be aware that the '@' in the URL will make the browser go to
> the part after the '@' whilst using the part before the '@' as the
> user's login name. Of course maffia.org won't use the user name
> part.
>
> Try for example this (it's safe):
> http://username:[EMAIL PROTECTED]/
>
> There are also ways to hide these things in emails, so that even
> experts don't notice them right away and have to look very closely
> at the source of the email to study what the trick is.
>
> Be very careful!
>
> >Later, I connected to the Microsoft update site and downloaded 5
"critical"
> >updates for Explorer and Outlook Express. I then followed the required
> >system restart procedure and my system went into glacier mode (the CPU
> >appeared to execute about 1 instruction per second. For the restart
process
> >to reach the normal windows desktop took over an hour.
> >
> >To make a very long story very short, I eventually had to go back to my
last
> >backup set (fortunately not too old) and completely restore the system.
> >
> >So, beware the Microsoft update site until further information about this
> >disasterolus problem becomes known. Perhaps someone here can pass this
> >information on to a Microsoft users list with wider distribution.
>
> Do you still have the original email (was it an email)? Can you forward
> it to me?
>
> Greetings,
> Jaap
>
> --
> Author: Jaap van Ganswijk
> INET: [EMAIL PROTECTED]
>
> Fat City Hosting, San Diego, California -- http://www.fatcity.com
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB CHIPDIR-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
>
--
Author: Robert Smith
INET: [EMAIL PROTECTED]
Fat City Hosting, San Diego, California -- http://www.fatcity.com
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB CHIPDIR-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
